Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-44717 (GCVE-0-2021-44717)
Vulnerability from cvelistv5 – Published: 2022-01-01 00:00 – Updated: 2024-08-04 04:32
VLAI
EPSS
Summary
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44717",
"datePublished": "2022-01-01T00:00:00.000Z",
"dateReserved": "2021-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:12.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-44717",
"date": "2026-05-29",
"epss": "0.0022",
"percentile": "0.44606"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-44717\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-01-01T05:15:08.367\",\"lastModified\":\"2024-11-21T06:31:27.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.\"},{\"lang\":\"es\",\"value\":\"Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5 en UNIX, permite operaciones de escritura en un archivo no deseado o en una conexi\u00f3n de red no deseada como consecuencia de un cierre err\u00f3neo del descriptor de archivo 0 tras el agotamiento del descriptor de archivo.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.12\",\"matchCriteriaId\":\"4CF46C0F-E074-4676-A9B3-E6A22861879C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndExcluding\":\"1.17.5\",\"matchCriteriaId\":\"406E61FE-D8E5-457E-93C5-8495F43DF42C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/hcmEScgc00k\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:1361
Vulnerability from csaf_redhat - Published: 2022-04-13 15:33 - Updated: 2026-04-30 16:20Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update
Severity
Important
Notes
Topic: Updated images that include numerous enhancements, security, and bug fixes
are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
Bug Fix(es):
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
or more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nBug Fix(es):\n\nThese updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.\n\nor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1361",
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "2026342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026342"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1361.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement\u0026bugfix update",
"tracking": {
"current_release_date": "2026-04-30T16:20:19+00:00",
"generator": {
"date": "2026-04-30T16:20:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:1361",
"initial_release_date": "2022-04-13T15:33:28+00:00",
"revision_history": [
{
"date": "2022-04-13T15:33:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-13T15:33:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:20:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.10 for RHEL 8",
"product": {
"name": "RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.10.0-72.el8.src",
"product": {
"name": "mcg-0:5.10.0-72.el8.src",
"product_id": "mcg-0:5.10.0-72.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.10.0-72.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.10.0-72.el8.x86_64",
"product": {
"name": "mcg-0:5.10.0-72.el8.x86_64",
"product_id": "mcg-0:5.10.0-72.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.10.0-72.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mcg-redistributable-0:5.10.0-72.el8.x86_64",
"product": {
"name": "mcg-redistributable-0:5.10.0-72.el8.x86_64",
"product_id": "mcg-redistributable-0:5.10.0-72.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg-redistributable@5.10.0-72.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.10.0-72.el8.ppc64le",
"product": {
"name": "mcg-0:5.10.0-72.el8.ppc64le",
"product_id": "mcg-0:5.10.0-72.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.10.0-72.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mcg-0:5.10.0-72.el8.s390x",
"product": {
"name": "mcg-0:5.10.0-72.el8.s390x",
"product_id": "mcg-0:5.10.0-72.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mcg@5.10.0-72.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.10.0-72.el8.ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le"
},
"product_reference": "mcg-0:5.10.0-72.el8.ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.10.0-72.el8.s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x"
},
"product_reference": "mcg-0:5.10.0-72.el8.s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.10.0-72.el8.src as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src"
},
"product_reference": "mcg-0:5.10.0-72.el8.src",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-0:5.10.0-72.el8.x86_64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64"
},
"product_reference": "mcg-0:5.10.0-72.el8.x86_64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mcg-redistributable-0:5.10.0-72.el8.x86_64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
},
"product_reference": "mcg-redistributable-0:5.10.0-72.el8.x86_64",
"relates_to_product_reference": "8Base-RHODF-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T15:33:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T15:33:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T15:33:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T15:33:28+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.ppc64le",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.s390x",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.src",
"8Base-RHODF-4.10:mcg-0:5.10.0-72.el8.x86_64",
"8Base-RHODF-4.10:mcg-redistributable-0:5.10.0-72.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
RHSA-2022:1372
Vulnerability from csaf_redhat - Published: 2022-04-13 18:48 - Updated: 2026-04-30 16:20Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
Severity
Important
Notes
Topic: Updated images that include numerous enhancements, security, and bug fixes
are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
Bug Fix(es):
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
or more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
7.5 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
137 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nBug Fix(es):\nThese updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.\n\nor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1372",
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898988"
},
{
"category": "external",
"summary": "1954708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954708"
},
{
"category": "external",
"summary": "1956418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956418"
},
{
"category": "external",
"summary": "1970123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970123"
},
{
"category": "external",
"summary": "1972190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972190"
},
{
"category": "external",
"summary": "1974344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974344"
},
{
"category": "external",
"summary": "1981341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981341"
},
{
"category": "external",
"summary": "1981694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981694"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1991462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991462"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "1996830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996830"
},
{
"category": "external",
"summary": "1996833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996833"
},
{
"category": "external",
"summary": "1999689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999689"
},
{
"category": "external",
"summary": "1999952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999952"
},
{
"category": "external",
"summary": "2003532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003532"
},
{
"category": "external",
"summary": "2005801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005801"
},
{
"category": "external",
"summary": "2005919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005919"
},
{
"category": "external",
"summary": "2021313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021313"
},
{
"category": "external",
"summary": "2022424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022424"
},
{
"category": "external",
"summary": "2022693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022693"
},
{
"category": "external",
"summary": "2024107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024107"
},
{
"category": "external",
"summary": "2024545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024545"
},
{
"category": "external",
"summary": "2026007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026007"
},
{
"category": "external",
"summary": "2027666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027666"
},
{
"category": "external",
"summary": "2027826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027826"
},
{
"category": "external",
"summary": "2028559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028559"
},
{
"category": "external",
"summary": "2029413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029413"
},
{
"category": "external",
"summary": "2030602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030602"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2030839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030839"
},
{
"category": "external",
"summary": "2031023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031023"
},
{
"category": "external",
"summary": "2031705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031705"
},
{
"category": "external",
"summary": "2032404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032404"
},
{
"category": "external",
"summary": "2032412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032412"
},
{
"category": "external",
"summary": "2032656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032656"
},
{
"category": "external",
"summary": "2032969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032969"
},
{
"category": "external",
"summary": "2032984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032984"
},
{
"category": "external",
"summary": "2033251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033251"
},
{
"category": "external",
"summary": "2034003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034003"
},
{
"category": "external",
"summary": "2034805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034805"
},
{
"category": "external",
"summary": "2034904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034904"
},
{
"category": "external",
"summary": "2035774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035774"
},
{
"category": "external",
"summary": "2035995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035995"
},
{
"category": "external",
"summary": "2036018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036018"
},
{
"category": "external",
"summary": "2036211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036211"
},
{
"category": "external",
"summary": "2037279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037279"
},
{
"category": "external",
"summary": "2037318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037318"
},
{
"category": "external",
"summary": "2037497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037497"
},
{
"category": "external",
"summary": "2038884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038884"
},
{
"category": "external",
"summary": "2039240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039240"
},
{
"category": "external",
"summary": "2040682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040682"
},
{
"category": "external",
"summary": "2041507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041507"
},
{
"category": "external",
"summary": "2042866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042866"
},
{
"category": "external",
"summary": "2043017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043017"
},
{
"category": "external",
"summary": "2043028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043028"
},
{
"category": "external",
"summary": "2043406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043406"
},
{
"category": "external",
"summary": "2043513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043513"
},
{
"category": "external",
"summary": "2044447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044447"
},
{
"category": "external",
"summary": "2044823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044823"
},
{
"category": "external",
"summary": "2045084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045084"
},
{
"category": "external",
"summary": "2046186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046186"
},
{
"category": "external",
"summary": "2046254",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046254"
},
{
"category": "external",
"summary": "2046677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046677"
},
{
"category": "external",
"summary": "2046766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046766"
},
{
"category": "external",
"summary": "2046887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046887"
},
{
"category": "external",
"summary": "2047162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047162"
},
{
"category": "external",
"summary": "2047201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047201"
},
{
"category": "external",
"summary": "2047562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047562"
},
{
"category": "external",
"summary": "2047565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047565"
},
{
"category": "external",
"summary": "2047625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047625"
},
{
"category": "external",
"summary": "2047632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047632"
},
{
"category": "external",
"summary": "2047642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047642"
},
{
"category": "external",
"summary": "2048107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048107"
},
{
"category": "external",
"summary": "2048370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048370"
},
{
"category": "external",
"summary": "2048458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048458"
},
{
"category": "external",
"summary": "2049029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049029"
},
{
"category": "external",
"summary": "2049075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049075"
},
{
"category": "external",
"summary": "2049081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049081"
},
{
"category": "external",
"summary": "2049424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049424"
},
{
"category": "external",
"summary": "2049509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049509"
},
{
"category": "external",
"summary": "2049718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049718"
},
{
"category": "external",
"summary": "2049727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049727"
},
{
"category": "external",
"summary": "2049771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049771"
},
{
"category": "external",
"summary": "2049790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049790"
},
{
"category": "external",
"summary": "2050056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050056"
},
{
"category": "external",
"summary": "2050142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050142"
},
{
"category": "external",
"summary": "2050402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050402"
},
{
"category": "external",
"summary": "2050483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050483"
},
{
"category": "external",
"summary": "2051249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051249"
},
{
"category": "external",
"summary": "2051406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051406"
},
{
"category": "external",
"summary": "2051599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051599"
},
{
"category": "external",
"summary": "2051913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051913"
},
{
"category": "external",
"summary": "2052027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052027"
},
{
"category": "external",
"summary": "2052438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052438"
},
{
"category": "external",
"summary": "2052937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052937"
},
{
"category": "external",
"summary": "2052996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052996"
},
{
"category": "external",
"summary": "2053156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053156"
},
{
"category": "external",
"summary": "2053517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053517"
},
{
"category": "external",
"summary": "2054147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054147"
},
{
"category": "external",
"summary": "2054755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054755"
},
{
"category": "external",
"summary": "2061251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061251"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1372.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-04-30T16:20:19+00:00",
"generator": {
"date": "2026-04-30T16:20:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:1372",
"initial_release_date": "2022-04-13T18:48:58+00:00",
"revision_history": [
{
"date": "2022-04-13T18:48:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-13T18:48:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:20:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.10 for RHEL 8",
"product": {
"name": "RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product_id": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product_id": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857?arch=amd64\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product_id": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
RHSA-2022:1734
Vulnerability from csaf_redhat - Published: 2022-05-05 13:49 - Updated: 2026-05-15 02:19Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.1 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)
* golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.
5.0 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 | — |
Vendor Fix
fix
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 | — |
Threats
Impact
Low
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 | — |
Vendor Fix
fix
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 | — |
Vendor Fix
fix
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 | — |
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1734",
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html",
"url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"category": "external",
"summary": "2020725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020725"
},
{
"category": "external",
"summary": "2020736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
},
{
"category": "external",
"summary": "2024938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2040378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040378"
},
{
"category": "external",
"summary": "2057516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057516"
},
{
"category": "external",
"summary": "2060244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060244"
},
{
"category": "external",
"summary": "2060717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060717"
},
{
"category": "external",
"summary": "2061347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061347"
},
{
"category": "external",
"summary": "2061653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061653"
},
{
"category": "external",
"summary": "2062682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062682"
},
{
"category": "external",
"summary": "2065837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065837"
},
{
"category": "external",
"summary": "2071000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071000"
},
{
"category": "external",
"summary": "2072036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072036"
},
{
"category": "external",
"summary": "2072186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072186"
},
{
"category": "external",
"summary": "2072684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072684"
},
{
"category": "external",
"summary": "2073496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073496"
},
{
"category": "external",
"summary": "2079814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079814"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1734.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:19:53+00:00",
"generator": {
"date": "2026-05-15T02:19:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:1734",
"initial_release_date": "2022-05-05T13:49:11+00:00",
"revision_history": [
{
"date": "2022-05-05T13:49:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-05T13:49:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:19:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.1-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.1-12"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.1-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.1-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.1-11"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.1-12"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.1-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.1-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.1-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41190",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2024938"
}
],
"notes": [
{
"category": "description",
"text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opencontainers: OCI manifest and index parsing confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As a consequence of the OCI Image Specification (and OCI Distribution Specification [1]), container runtime engines (like containerd, moby - Docker Engine, cri-o) deliver updates to adopt new `mediaType` field used for identification of the document type. Even though some Red Hat products rely on container engine, the impact by this issue is LOW.\n\n[1] https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41190"
},
{
"category": "external",
"summary": "RHBZ#2024938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
"url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh",
"url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh"
}
],
"release_date": "2021-11-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-05T13:49:11+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "opencontainers: OCI manifest and index parsing confusion"
},
{
"cve": "CVE-2021-41771",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-11-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2020725"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: debug/macho: invalid dynamic symbol table command can cause panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Service Telemetry Framework, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41771"
},
{
"category": "external",
"summary": "RHBZ#2020725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41771"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc",
"url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc"
}
],
"release_date": "2021-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-05T13:49:11+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: debug/macho: invalid dynamic symbol table command can cause panic"
},
{
"cve": "CVE-2021-41772",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2021-11-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2020736"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go where Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can panic when parsing a crafted ZIP archive containing completely invalid names or an empty filename argument.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Reader.Open panics on empty string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Platform.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s sg-core-container.\n\n* Because Red Hat Ceph Storage only uses Go\u0027s archive/zip for the Grafana CLI and thus is not directly exploitable, the vulnerability has been rated low for Red Hat Ceph Storage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41772"
},
{
"category": "external",
"summary": "RHBZ#2020736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0fM21h43arc",
"url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc"
}
],
"release_date": "2021-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-05T13:49:11+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Reader.Open panics on empty string"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-05T13:49:11+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-05T13:49:11+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:e7f64457dc1a49e939eee2913365bf9d9f579f361dd4242d27cf53c9553ba027_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:4a2d08b203b67ecb77fc5124b0b5ce0d8f86f4b7ebe24b671017adcf6d0ca1f1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:1dce62d8b58df316fd456cd3dd54890fafec98ccc5e8be53da2b9492fee1cb41_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:a1ed9c4af6a5fcf86e2fcc159889480528eb058779494b27e0e2fce3d6614a96_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:e28bc9ca7aab8c0b852852ff233f70d5c2a21013aaebec167b0330ad296d0a78_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:3303e24aa4a705a7f45e2e47073fbeec3e8a6f9b3139b9c9cc903eeeec5e8a01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:8488bca62c94525c7444b9d0dff3b1576bcb7ea33f7f981040624f91cb15cb1a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:076fb6c39d8585e03ff0c50b4c1c5749eba3d563203f57ef53eaf0083216d678_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7b9f251626bb5faf1feca1aaf639c472006c8cd465eacbb0aa8d7764517e3c01_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:da3fd820cdc9119f1c11cee08e60d8c23163fc095df9d2323067b719737f5cf2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:f9a5ded10973b12e2061e483ebb7dfeef2075342b867a1f1cb0b0f6845d50b62_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a9f5fce792c8454e9f78c2cab93220d3a6844e75ec6c8928b75f63fa9726e0d8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:421f7740293cd2387279c8a2880145b08dff42016231d97ce53083fc89cec635_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:147e33afa29bf56946e165f19fa4e7a100d2c7dfb0ffb8345feff93502e5595f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:28519479e56a100caa07bb19d747fd1c40ea0a45b4fe5ce29b8831ac9de348c7_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:e21279da5fdc7155e085409b1fce12cbafa01a8d74bceb4df2cec76c2e1d67ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
RHSA-2022:6526
Vulnerability from csaf_redhat - Published: 2022-09-14 19:28 - Updated: 2026-05-27 20:32Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.
7.7 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Threats
Impact
Moderate
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 | — |
Threats
Impact
Moderate
References
401 references
Acknowledgments
NCC Group
Oliver Brooks and James Klopchic
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6526",
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1937609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609"
},
{
"category": "external",
"summary": "1945593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593"
},
{
"category": "external",
"summary": "1968514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514"
},
{
"category": "external",
"summary": "1993109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109"
},
{
"category": "external",
"summary": "1994604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604"
},
{
"category": "external",
"summary": "2001385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385"
},
{
"category": "external",
"summary": "2009793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793"
},
{
"category": "external",
"summary": "2010318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318"
},
{
"category": "external",
"summary": "2025276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276"
},
{
"category": "external",
"summary": "2025401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401"
},
{
"category": "external",
"summary": "2026357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357"
},
{
"category": "external",
"summary": "2029349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2031857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857"
},
{
"category": "external",
"summary": "2033077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077"
},
{
"category": "external",
"summary": "2035344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344"
},
{
"category": "external",
"summary": "2036676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676"
},
{
"category": "external",
"summary": "2039976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976"
},
{
"category": "external",
"summary": "2040766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766"
},
{
"category": "external",
"summary": "2041467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467"
},
{
"category": "external",
"summary": "2042402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402"
},
{
"category": "external",
"summary": "2042809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809"
},
{
"category": "external",
"summary": "2045086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2047186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186"
},
{
"category": "external",
"summary": "2051899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899"
},
{
"category": "external",
"summary": "2052094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094"
},
{
"category": "external",
"summary": "2052466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466"
},
{
"category": "external",
"summary": "2052689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2056467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467"
},
{
"category": "external",
"summary": "2057157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157"
},
{
"category": "external",
"summary": "2057310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310"
},
{
"category": "external",
"summary": "2058149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149"
},
{
"category": "external",
"summary": "2058925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925"
},
{
"category": "external",
"summary": "2059121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121"
},
{
"category": "external",
"summary": "2060485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485"
},
{
"category": "external",
"summary": "2060585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585"
},
{
"category": "external",
"summary": "2061208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208"
},
{
"category": "external",
"summary": "2061723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723"
},
{
"category": "external",
"summary": "2063540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540"
},
{
"category": "external",
"summary": "2063792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792"
},
{
"category": "external",
"summary": "2064034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2064936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936"
},
{
"category": "external",
"summary": "2065014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014"
},
{
"category": "external",
"summary": "2065019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019"
},
{
"category": "external",
"summary": "2066768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768"
},
{
"category": "external",
"summary": "2067246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246"
},
{
"category": "external",
"summary": "2069287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287"
},
{
"category": "external",
"summary": "2069388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2070864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864"
},
{
"category": "external",
"summary": "2071488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488"
},
{
"category": "external",
"summary": "2071549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549"
},
{
"category": "external",
"summary": "2071611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611"
},
{
"category": "external",
"summary": "2071921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921"
},
{
"category": "external",
"summary": "2073669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669"
},
{
"category": "external",
"summary": "2073679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679"
},
{
"category": "external",
"summary": "2073982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982"
},
{
"category": "external",
"summary": "2074337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337"
},
{
"category": "external",
"summary": "2075200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200"
},
{
"category": "external",
"summary": "2075409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409"
},
{
"category": "external",
"summary": "2076292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292"
},
{
"category": "external",
"summary": "2076379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379"
},
{
"category": "external",
"summary": "2076790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790"
},
{
"category": "external",
"summary": "2076908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2078700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700"
},
{
"category": "external",
"summary": "2078703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703"
},
{
"category": "external",
"summary": "2078709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709"
},
{
"category": "external",
"summary": "2078728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728"
},
{
"category": "external",
"summary": "2079366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366"
},
{
"category": "external",
"summary": "2079674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674"
},
{
"category": "external",
"summary": "2079783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783"
},
{
"category": "external",
"summary": "2080132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132"
},
{
"category": "external",
"summary": "2080155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155"
},
{
"category": "external",
"summary": "2080547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547"
},
{
"category": "external",
"summary": "2080833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833"
},
{
"category": "external",
"summary": "2080835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835"
},
{
"category": "external",
"summary": "2081182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182"
},
{
"category": "external",
"summary": "2081202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202"
},
{
"category": "external",
"summary": "2081409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409"
},
{
"category": "external",
"summary": "2081671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671"
},
{
"category": "external",
"summary": "2081831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831"
},
{
"category": "external",
"summary": "2082008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008"
},
{
"category": "external",
"summary": "2082164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164"
},
{
"category": "external",
"summary": "2082912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912"
},
{
"category": "external",
"summary": "2083093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093"
},
{
"category": "external",
"summary": "2083097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097"
},
{
"category": "external",
"summary": "2083100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100"
},
{
"category": "external",
"summary": "2083101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101"
},
{
"category": "external",
"summary": "2083135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135"
},
{
"category": "external",
"summary": "2083256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256"
},
{
"category": "external",
"summary": "2083595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595"
},
{
"category": "external",
"summary": "2084102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102"
},
{
"category": "external",
"summary": "2084122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122"
},
{
"category": "external",
"summary": "2084418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418"
},
{
"category": "external",
"summary": "2084431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431"
},
{
"category": "external",
"summary": "2084476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476"
},
{
"category": "external",
"summary": "2084532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532"
},
{
"category": "external",
"summary": "2084610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610"
},
{
"category": "external",
"summary": "2085320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320"
},
{
"category": "external",
"summary": "2085322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322"
},
{
"category": "external",
"summary": "2086272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272"
},
{
"category": "external",
"summary": "2086278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278"
},
{
"category": "external",
"summary": "2086281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281"
},
{
"category": "external",
"summary": "2086286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286"
},
{
"category": "external",
"summary": "2086293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293"
},
{
"category": "external",
"summary": "2086294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294"
},
{
"category": "external",
"summary": "2086303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303"
},
{
"category": "external",
"summary": "2086479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479"
},
{
"category": "external",
"summary": "2086486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486"
},
{
"category": "external",
"summary": "2086488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488"
},
{
"category": "external",
"summary": "2086769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769"
},
{
"category": "external",
"summary": "2086803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803"
},
{
"category": "external",
"summary": "2086825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825"
},
{
"category": "external",
"summary": "2086849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849"
},
{
"category": "external",
"summary": "2087188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188"
},
{
"category": "external",
"summary": "2087189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189"
},
{
"category": "external",
"summary": "2087232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232"
},
{
"category": "external",
"summary": "2087546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546"
},
{
"category": "external",
"summary": "2087547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547"
},
{
"category": "external",
"summary": "2087559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559"
},
{
"category": "external",
"summary": "2087566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566"
},
{
"category": "external",
"summary": "2087570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570"
},
{
"category": "external",
"summary": "2087577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577"
},
{
"category": "external",
"summary": "2087578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578"
},
{
"category": "external",
"summary": "2087582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582"
},
{
"category": "external",
"summary": "2087583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583"
},
{
"category": "external",
"summary": "2087584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584"
},
{
"category": "external",
"summary": "2087587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587"
},
{
"category": "external",
"summary": "2087589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589"
},
{
"category": "external",
"summary": "2087590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590"
},
{
"category": "external",
"summary": "2087593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593"
},
{
"category": "external",
"summary": "2087603",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603"
},
{
"category": "external",
"summary": "2087616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616"
},
{
"category": "external",
"summary": "2087701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701"
},
{
"category": "external",
"summary": "2087717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717"
},
{
"category": "external",
"summary": "2088034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034"
},
{
"category": "external",
"summary": "2088355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355"
},
{
"category": "external",
"summary": "2088361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361"
},
{
"category": "external",
"summary": "2088379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379"
},
{
"category": "external",
"summary": "2088407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407"
},
{
"category": "external",
"summary": "2088471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471"
},
{
"category": "external",
"summary": "2088472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472"
},
{
"category": "external",
"summary": "2088477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477"
},
{
"category": "external",
"summary": "2088849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849"
},
{
"category": "external",
"summary": "2089078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078"
},
{
"category": "external",
"summary": "2089271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271"
},
{
"category": "external",
"summary": "2089327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327"
},
{
"category": "external",
"summary": "2089376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376"
},
{
"category": "external",
"summary": "2089477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477"
},
{
"category": "external",
"summary": "2089700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700"
},
{
"category": "external",
"summary": "2089745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745"
},
{
"category": "external",
"summary": "2089789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789"
},
{
"category": "external",
"summary": "2089825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825"
},
{
"category": "external",
"summary": "2089836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836"
},
{
"category": "external",
"summary": "2089840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840"
},
{
"category": "external",
"summary": "2089877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877"
},
{
"category": "external",
"summary": "2089932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932"
},
{
"category": "external",
"summary": "2089942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942"
},
{
"category": "external",
"summary": "2089954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954"
},
{
"category": "external",
"summary": "2089963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963"
},
{
"category": "external",
"summary": "2089967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967"
},
{
"category": "external",
"summary": "2089970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970"
},
{
"category": "external",
"summary": "2089972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972"
},
{
"category": "external",
"summary": "2089979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979"
},
{
"category": "external",
"summary": "2089982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982"
},
{
"category": "external",
"summary": "2090035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035"
},
{
"category": "external",
"summary": "2090036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036"
},
{
"category": "external",
"summary": "2090037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037"
},
{
"category": "external",
"summary": "2090038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038"
},
{
"category": "external",
"summary": "2090042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042"
},
{
"category": "external",
"summary": "2090043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043"
},
{
"category": "external",
"summary": "2090046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046"
},
{
"category": "external",
"summary": "2090048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048"
},
{
"category": "external",
"summary": "2090054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054"
},
{
"category": "external",
"summary": "2090055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055"
},
{
"category": "external",
"summary": "2090056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056"
},
{
"category": "external",
"summary": "2090057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057"
},
{
"category": "external",
"summary": "2090059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059"
},
{
"category": "external",
"summary": "2090064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064"
},
{
"category": "external",
"summary": "2090066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066"
},
{
"category": "external",
"summary": "2090068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068"
},
{
"category": "external",
"summary": "2090131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131"
},
{
"category": "external",
"summary": "2090350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350"
},
{
"category": "external",
"summary": "2091003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003"
},
{
"category": "external",
"summary": "2091058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058"
},
{
"category": "external",
"summary": "2091309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309"
},
{
"category": "external",
"summary": "2091406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406"
},
{
"category": "external",
"summary": "2091754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754"
},
{
"category": "external",
"summary": "2091755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755"
},
{
"category": "external",
"summary": "2091756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756"
},
{
"category": "external",
"summary": "2091758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758"
},
{
"category": "external",
"summary": "2091760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760"
},
{
"category": "external",
"summary": "2091761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761"
},
{
"category": "external",
"summary": "2091762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762"
},
{
"category": "external",
"summary": "2091764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764"
},
{
"category": "external",
"summary": "2091765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765"
},
{
"category": "external",
"summary": "2091766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766"
},
{
"category": "external",
"summary": "2091853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853"
},
{
"category": "external",
"summary": "2091863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863"
},
{
"category": "external",
"summary": "2091868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868"
},
{
"category": "external",
"summary": "2091889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889"
},
{
"category": "external",
"summary": "2091897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897"
},
{
"category": "external",
"summary": "2091904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904"
},
{
"category": "external",
"summary": "2091911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911"
},
{
"category": "external",
"summary": "2091940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940"
},
{
"category": "external",
"summary": "2091945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945"
},
{
"category": "external",
"summary": "2091946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946"
},
{
"category": "external",
"summary": "2091982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982"
},
{
"category": "external",
"summary": "2092048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048"
},
{
"category": "external",
"summary": "2092052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052"
},
{
"category": "external",
"summary": "2092071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071"
},
{
"category": "external",
"summary": "2092079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079"
},
{
"category": "external",
"summary": "2092158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158"
},
{
"category": "external",
"summary": "2092228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228"
},
{
"category": "external",
"summary": "2092230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230"
},
{
"category": "external",
"summary": "2092306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306"
},
{
"category": "external",
"summary": "2092337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337"
},
{
"category": "external",
"summary": "2092359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359"
},
{
"category": "external",
"summary": "2092654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654"
},
{
"category": "external",
"summary": "2092662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662"
},
{
"category": "external",
"summary": "2092663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663"
},
{
"category": "external",
"summary": "2092664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664"
},
{
"category": "external",
"summary": "2092781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781"
},
{
"category": "external",
"summary": "2092783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783"
},
{
"category": "external",
"summary": "2092787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787"
},
{
"category": "external",
"summary": "2092789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789"
},
{
"category": "external",
"summary": "2092951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951"
},
{
"category": "external",
"summary": "2093282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282"
},
{
"category": "external",
"summary": "2093691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691"
},
{
"category": "external",
"summary": "2093713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713"
},
{
"category": "external",
"summary": "2093715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715"
},
{
"category": "external",
"summary": "2093716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716"
},
{
"category": "external",
"summary": "2093772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772"
},
{
"category": "external",
"summary": "2093773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773"
},
{
"category": "external",
"summary": "2093866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866"
},
{
"category": "external",
"summary": "2093867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2094207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207"
},
{
"category": "external",
"summary": "2094208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208"
},
{
"category": "external",
"summary": "2094217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217"
},
{
"category": "external",
"summary": "2094222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222"
},
{
"category": "external",
"summary": "2094323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323"
},
{
"category": "external",
"summary": "2094405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405"
},
{
"category": "external",
"summary": "2094440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440"
},
{
"category": "external",
"summary": "2094451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451"
},
{
"category": "external",
"summary": "2094453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453"
},
{
"category": "external",
"summary": "2094465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465"
},
{
"category": "external",
"summary": "2094471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471"
},
{
"category": "external",
"summary": "2094481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481"
},
{
"category": "external",
"summary": "2094486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486"
},
{
"category": "external",
"summary": "2094491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491"
},
{
"category": "external",
"summary": "2094495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495"
},
{
"category": "external",
"summary": "2094646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646"
},
{
"category": "external",
"summary": "2094665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665"
},
{
"category": "external",
"summary": "2094678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678"
},
{
"category": "external",
"summary": "2094727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727"
},
{
"category": "external",
"summary": "2094807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807"
},
{
"category": "external",
"summary": "2094813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813"
},
{
"category": "external",
"summary": "2094848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848"
},
{
"category": "external",
"summary": "2095125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125"
},
{
"category": "external",
"summary": "2095129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129"
},
{
"category": "external",
"summary": "2095224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224"
},
{
"category": "external",
"summary": "2095529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529"
},
{
"category": "external",
"summary": "2095530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530"
},
{
"category": "external",
"summary": "2095532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532"
},
{
"category": "external",
"summary": "2095537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537"
},
{
"category": "external",
"summary": "2095570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570"
},
{
"category": "external",
"summary": "2095573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573"
},
{
"category": "external",
"summary": "2095953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953"
},
{
"category": "external",
"summary": "2095955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955"
},
{
"category": "external",
"summary": "2096166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166"
},
{
"category": "external",
"summary": "2096206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206"
},
{
"category": "external",
"summary": "2096208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208"
},
{
"category": "external",
"summary": "2096263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263"
},
{
"category": "external",
"summary": "2096333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333"
},
{
"category": "external",
"summary": "2096492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492"
},
{
"category": "external",
"summary": "2096502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502"
},
{
"category": "external",
"summary": "2096510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510"
},
{
"category": "external",
"summary": "2096511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511"
},
{
"category": "external",
"summary": "2096620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620"
},
{
"category": "external",
"summary": "2096781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781"
},
{
"category": "external",
"summary": "2096801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801"
},
{
"category": "external",
"summary": "2096845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845"
},
{
"category": "external",
"summary": "2097328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328"
},
{
"category": "external",
"summary": "2097370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370"
},
{
"category": "external",
"summary": "2097465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2098134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134"
},
{
"category": "external",
"summary": "2098135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135"
},
{
"category": "external",
"summary": "2098282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282"
},
{
"category": "external",
"summary": "2099443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443"
},
{
"category": "external",
"summary": "2099533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533"
},
{
"category": "external",
"summary": "2099535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535"
},
{
"category": "external",
"summary": "2099539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539"
},
{
"category": "external",
"summary": "2099566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566"
},
{
"category": "external",
"summary": "2099608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608"
},
{
"category": "external",
"summary": "2099633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633"
},
{
"category": "external",
"summary": "2099639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639"
},
{
"category": "external",
"summary": "2099802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802"
},
{
"category": "external",
"summary": "2100054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054"
},
{
"category": "external",
"summary": "2100284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284"
},
{
"category": "external",
"summary": "2100415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954"
},
{
"category": "external",
"summary": "2102076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076"
},
{
"category": "external",
"summary": "2102116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116"
},
{
"category": "external",
"summary": "2102117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117"
},
{
"category": "external",
"summary": "2102122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122"
},
{
"category": "external",
"summary": "2102124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127"
},
{
"category": "external",
"summary": "2102129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129"
},
{
"category": "external",
"summary": "2102131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131"
},
{
"category": "external",
"summary": "2102135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135"
},
{
"category": "external",
"summary": "2102143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543"
},
{
"category": "external",
"summary": "2102544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544"
},
{
"category": "external",
"summary": "2102545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545"
},
{
"category": "external",
"summary": "2104617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258"
},
{
"category": "external",
"summary": "2110178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178"
},
{
"category": "external",
"summary": "2111359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359"
},
{
"category": "external",
"summary": "2111562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T20:32:27+00:00",
"generator": {
"date": "2026-05-27T20:32:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:6526",
"initial_release_date": "2022-09-14T19:28:51+00:00",
"revision_history": [
{
"date": "2022-09-14T19:28:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-14T19:28:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T20:32:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.11 for RHEL 8",
"product": {
"name": "CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64"
},
"product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
}
]
}
RHSA-2023:0407
Vulnerability from csaf_redhat - Published: 2023-01-24 12:51 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update
Severity
Moderate
Notes
Topic: Updated release packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs.
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated release packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\u00a0This advisory contains OpenShift Virtualization 4.12.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0407",
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2089804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0407.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:03+00:00",
"generator": {
"date": "2026-05-30T08:31:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0407",
"initial_release_date": "2023-01-24T12:51:07+00:00",
"revision_history": [
{
"date": "2023-01-24T12:51:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-24T12:51:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 8",
"product": {
"name": "CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
}
}
},
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 7",
"product": {
"name": "CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el7"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-0:4.12.0-1057.el8.src",
"product": {
"name": "kubevirt-0:4.12.0-1057.el8.src",
"product_id": "kubevirt-0:4.12.0-1057.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.12.0-1057.el7.src",
"product": {
"name": "kubevirt-0:4.12.0-1057.el7.src",
"product_id": "kubevirt-0:4.12.0-1057.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product_id": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product_id": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.12.0-1057.el7.src as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src"
},
"product_reference": "kubevirt-0:4.12.0-1057.el7.src",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.12.0-1057.el8.src as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src"
},
"product_reference": "kubevirt-0:4.12.0-1057.el8.src",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2023:0408
Vulnerability from csaf_redhat - Published: 2023-01-25 11:11 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.
7.7 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Important
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
References
339 references
Acknowledgments
NCC Group
Oliver Brooks and James Klopchic
Joël Gähwiler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0408",
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1719190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190"
},
{
"category": "external",
"summary": "2023393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2040377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377"
},
{
"category": "external",
"summary": "2046298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298"
},
{
"category": "external",
"summary": "2052556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2060499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499"
},
{
"category": "external",
"summary": "2069098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2071491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491"
},
{
"category": "external",
"summary": "2072797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797"
},
{
"category": "external",
"summary": "2072821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821"
},
{
"category": "external",
"summary": "2079916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2086285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285"
},
{
"category": "external",
"summary": "2086551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551"
},
{
"category": "external",
"summary": "2087724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724"
},
{
"category": "external",
"summary": "2088129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129"
},
{
"category": "external",
"summary": "2088464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464"
},
{
"category": "external",
"summary": "2089391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
},
{
"category": "external",
"summary": "2089744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744"
},
{
"category": "external",
"summary": "2089751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751"
},
{
"category": "external",
"summary": "2089804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
},
{
"category": "external",
"summary": "2091856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2092796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796"
},
{
"category": "external",
"summary": "2093771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771"
},
{
"category": "external",
"summary": "2093996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2096285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285"
},
{
"category": "external",
"summary": "2096780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780"
},
{
"category": "external",
"summary": "2097436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2099556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556"
},
{
"category": "external",
"summary": "2099573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573"
},
{
"category": "external",
"summary": "2099923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923"
},
{
"category": "external",
"summary": "2100290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290"
},
{
"category": "external",
"summary": "2100436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436"
},
{
"category": "external",
"summary": "2100442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2100629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629"
},
{
"category": "external",
"summary": "2100679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679"
},
{
"category": "external",
"summary": "2100682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682"
},
{
"category": "external",
"summary": "2100684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684"
},
{
"category": "external",
"summary": "2101144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167"
},
{
"category": "external",
"summary": "2101333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333"
},
{
"category": "external",
"summary": "2101335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335"
},
{
"category": "external",
"summary": "2101390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390"
},
{
"category": "external",
"summary": "2101394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394"
},
{
"category": "external",
"summary": "2101423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499"
},
{
"category": "external",
"summary": "2101501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667"
},
{
"category": "external",
"summary": "2101681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681"
},
{
"category": "external",
"summary": "2102074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132"
},
{
"category": "external",
"summary": "2102138",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475"
},
{
"category": "external",
"summary": "2102561",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561"
},
{
"category": "external",
"summary": "2102737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737"
},
{
"category": "external",
"summary": "2102740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740"
},
{
"category": "external",
"summary": "2103806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806"
},
{
"category": "external",
"summary": "2103807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807"
},
{
"category": "external",
"summary": "2103817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817"
},
{
"category": "external",
"summary": "2103844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844"
},
{
"category": "external",
"summary": "2104331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331"
},
{
"category": "external",
"summary": "2104402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402"
},
{
"category": "external",
"summary": "2104422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422"
},
{
"category": "external",
"summary": "2104424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424"
},
{
"category": "external",
"summary": "2104479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479"
},
{
"category": "external",
"summary": "2104480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480"
},
{
"category": "external",
"summary": "2104785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785"
},
{
"category": "external",
"summary": "2104859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859"
},
{
"category": "external",
"summary": "2105257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963"
},
{
"category": "external",
"summary": "2107279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2108339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339"
},
{
"category": "external",
"summary": "2108638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638"
},
{
"category": "external",
"summary": "2109818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818"
},
{
"category": "external",
"summary": "2109975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975"
},
{
"category": "external",
"summary": "2110256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256"
},
{
"category": "external",
"summary": "2110562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
},
{
"category": "external",
"summary": "2111240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240"
},
{
"category": "external",
"summary": "2111292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292"
},
{
"category": "external",
"summary": "2111328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328"
},
{
"category": "external",
"summary": "2111378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378"
},
{
"category": "external",
"summary": "2111744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744"
},
{
"category": "external",
"summary": "2111794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794"
},
{
"category": "external",
"summary": "2112900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900"
},
{
"category": "external",
"summary": "2114516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516"
},
{
"category": "external",
"summary": "2114636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636"
},
{
"category": "external",
"summary": "2114683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683"
},
{
"category": "external",
"summary": "2115257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257"
},
{
"category": "external",
"summary": "2115258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258"
},
{
"category": "external",
"summary": "2115280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280"
},
{
"category": "external",
"summary": "2115769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769"
},
{
"category": "external",
"summary": "2116225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225"
},
{
"category": "external",
"summary": "2116644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644"
},
{
"category": "external",
"summary": "2117549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549"
},
{
"category": "external",
"summary": "2117803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803"
},
{
"category": "external",
"summary": "2117813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257"
},
{
"category": "external",
"summary": "2118823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823"
},
{
"category": "external",
"summary": "2119069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069"
},
{
"category": "external",
"summary": "2119128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128"
},
{
"category": "external",
"summary": "2119309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309"
},
{
"category": "external",
"summary": "2119615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615"
},
{
"category": "external",
"summary": "2120907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907"
},
{
"category": "external",
"summary": "2121320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320"
},
{
"category": "external",
"summary": "2122236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236"
},
{
"category": "external",
"summary": "2122990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990"
},
{
"category": "external",
"summary": "2124147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147"
},
{
"category": "external",
"summary": "2124307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307"
},
{
"category": "external",
"summary": "2124528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528"
},
{
"category": "external",
"summary": "2124555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555"
},
{
"category": "external",
"summary": "2124557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557"
},
{
"category": "external",
"summary": "2124558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558"
},
{
"category": "external",
"summary": "2124565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565"
},
{
"category": "external",
"summary": "2124572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572"
},
{
"category": "external",
"summary": "2124582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582"
},
{
"category": "external",
"summary": "2124594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594"
},
{
"category": "external",
"summary": "2124597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597"
},
{
"category": "external",
"summary": "2126104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104"
},
{
"category": "external",
"summary": "2126397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397"
},
{
"category": "external",
"summary": "2127787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787"
},
{
"category": "external",
"summary": "2127843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843"
},
{
"category": "external",
"summary": "2127931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931"
},
{
"category": "external",
"summary": "2127947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947"
},
{
"category": "external",
"summary": "2128002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002"
},
{
"category": "external",
"summary": "2128107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107"
},
{
"category": "external",
"summary": "2128872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
},
{
"category": "external",
"summary": "2128948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948"
},
{
"category": "external",
"summary": "2128949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949"
},
{
"category": "external",
"summary": "2128997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
},
{
"category": "external",
"summary": "2129013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
},
{
"category": "external",
"summary": "2129234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234"
},
{
"category": "external",
"summary": "2129301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301"
},
{
"category": "external",
"summary": "2129870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870"
},
{
"category": "external",
"summary": "2130509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509"
},
{
"category": "external",
"summary": "2130588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588"
},
{
"category": "external",
"summary": "2130695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695"
},
{
"category": "external",
"summary": "2130909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909"
},
{
"category": "external",
"summary": "2131157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157"
},
{
"category": "external",
"summary": "2131165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165"
},
{
"category": "external",
"summary": "2131674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674"
},
{
"category": "external",
"summary": "2132031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031"
},
{
"category": "external",
"summary": "2132682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682"
},
{
"category": "external",
"summary": "2132721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721"
},
{
"category": "external",
"summary": "2132744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744"
},
{
"category": "external",
"summary": "2132746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746"
},
{
"category": "external",
"summary": "2132783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783"
},
{
"category": "external",
"summary": "2132793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793"
},
{
"category": "external",
"summary": "2132932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932"
},
{
"category": "external",
"summary": "2133540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540"
},
{
"category": "external",
"summary": "2133541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541"
},
{
"category": "external",
"summary": "2133542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542"
},
{
"category": "external",
"summary": "2133543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543"
},
{
"category": "external",
"summary": "2133655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655"
},
{
"category": "external",
"summary": "2133656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656"
},
{
"category": "external",
"summary": "2133659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659"
},
{
"category": "external",
"summary": "2133660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660"
},
{
"category": "external",
"summary": "2134123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123"
},
{
"category": "external",
"summary": "2134672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672"
},
{
"category": "external",
"summary": "2134825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825"
},
{
"category": "external",
"summary": "2135805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805"
},
{
"category": "external",
"summary": "2136051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051"
},
{
"category": "external",
"summary": "2136425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425"
},
{
"category": "external",
"summary": "2136534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534"
},
{
"category": "external",
"summary": "2137123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123"
},
{
"category": "external",
"summary": "2137241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241"
},
{
"category": "external",
"summary": "2137243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243"
},
{
"category": "external",
"summary": "2137349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349"
},
{
"category": "external",
"summary": "2137591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591"
},
{
"category": "external",
"summary": "2137731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731"
},
{
"category": "external",
"summary": "2137733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733"
},
{
"category": "external",
"summary": "2137736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736"
},
{
"category": "external",
"summary": "2137896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896"
},
{
"category": "external",
"summary": "2138112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112"
},
{
"category": "external",
"summary": "2138119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119"
},
{
"category": "external",
"summary": "2138199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199"
},
{
"category": "external",
"summary": "2138653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653"
},
{
"category": "external",
"summary": "2138657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657"
},
{
"category": "external",
"summary": "2138664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664"
},
{
"category": "external",
"summary": "2139257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257"
},
{
"category": "external",
"summary": "2139260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260"
},
{
"category": "external",
"summary": "2139293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293"
},
{
"category": "external",
"summary": "2139296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296"
},
{
"category": "external",
"summary": "2139299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299"
},
{
"category": "external",
"summary": "2139306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306"
},
{
"category": "external",
"summary": "2139479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479"
},
{
"category": "external",
"summary": "2139574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574"
},
{
"category": "external",
"summary": "2139651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651"
},
{
"category": "external",
"summary": "2139687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687"
},
{
"category": "external",
"summary": "2139738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738"
},
{
"category": "external",
"summary": "2139820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820"
},
{
"category": "external",
"summary": "2140117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117"
},
{
"category": "external",
"summary": "2140521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521"
},
{
"category": "external",
"summary": "2140534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534"
},
{
"category": "external",
"summary": "2140627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627"
},
{
"category": "external",
"summary": "2140730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730"
},
{
"category": "external",
"summary": "2140808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808"
},
{
"category": "external",
"summary": "2140977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977"
},
{
"category": "external",
"summary": "2140982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982"
},
{
"category": "external",
"summary": "2140998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998"
},
{
"category": "external",
"summary": "2141089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089"
},
{
"category": "external",
"summary": "2141302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302"
},
{
"category": "external",
"summary": "2141399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399"
},
{
"category": "external",
"summary": "2141494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494"
},
{
"category": "external",
"summary": "2141654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654"
},
{
"category": "external",
"summary": "2141711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711"
},
{
"category": "external",
"summary": "2142468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468"
},
{
"category": "external",
"summary": "2142470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470"
},
{
"category": "external",
"summary": "2142511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511"
},
{
"category": "external",
"summary": "2142647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647"
},
{
"category": "external",
"summary": "2142891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891"
},
{
"category": "external",
"summary": "2142929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929"
},
{
"category": "external",
"summary": "2143268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268"
},
{
"category": "external",
"summary": "2143498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498"
},
{
"category": "external",
"summary": "2143964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964"
},
{
"category": "external",
"summary": "2144580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580"
},
{
"category": "external",
"summary": "2144828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828"
},
{
"category": "external",
"summary": "2144839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839"
},
{
"category": "external",
"summary": "2153849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849"
},
{
"category": "external",
"summary": "2155757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:03+00:00",
"generator": {
"date": "2026-05-30T08:31:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0408",
"initial_release_date": "2023-01-25T11:11:29+00:00",
"revision_history": [
{
"date": "2023-01-25T11:11:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-25T11:11:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 8",
"product": {
"name": "CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64"
},
"product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64"
},
"product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
SSA-744259
Vulnerability from csaf_siemens - Published: 2023-02-14 00:00 - Updated: 2023-02-14 00:00Summary
SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1
Notes
Summary: Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).
Siemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the latest version.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
CWE-668
- Exposure of Resource to Wrong Sphere
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
V1.10.1 |
Vendor Fix
|
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
CWE-295
- Improper Certificate Validation
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
V1.10.1 |
Vendor Fix
|
CWE-20
- Improper Input Validation
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
< V1.10 |
Vendor Fix
|
|
|
Brownfield Connectivity - Gateway
Siemens / Brownfield Connectivity - Gateway
|
V1.10.1 |
Vendor Fix
|
References
3 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).\n\nSiemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
},
{
"category": "self",
"summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-744259.txt"
},
{
"category": "self",
"summary": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-744259.json"
}
],
"title": "SSA-744259: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.1",
"tracking": {
"current_release_date": "2023-02-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-744259",
"initial_release_date": "2023-02-14T00:00:00Z",
"revision_history": [
{
"date": "2023-02-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V1.10",
"product": {
"name": "Brownfield Connectivity - Gateway",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "V1.10.1",
"product": {
"name": "Brownfield Connectivity - Gateway",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Brownfield Connectivity - Gateway"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-41771",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-27536",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V1.11 or later version\nContact customer support to obtain the update \u003chttps://support.industry.siemens.com/cs/de/de/view/109801700\u003e",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2022-28327"
}
]
}
SUSE-SU-2021:4169-1
Vulnerability from csaf_suse - Published: 2021-12-23 08:53 - Updated: 2021-12-23 08:53Summary
Security update for go1.16
Severity
Moderate
Notes
Title of the patch: Security update for go1.16
Description of the patch: This update for go1.16 fixes the following issues:
Updated to upstream version 1.16.12 to include security fixes to the compiler,
syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)
- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).
- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).
Patchnames: SUSE-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4169,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4169,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4169,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4169,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4169,SUSE-Storage-7-2021-4169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.16 fixes the following issues:\n\nUpdated to upstream version 1.16.12 to include security fixes to the compiler,\nsyscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)\n\n- CVE-2021-44717: syscall: don\u0027t close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4169,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4169,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4169,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4169,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4169,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4169,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4169,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4169,SUSE-Storage-7-2021-4169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4169-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4169-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214169-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4169-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009938.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182345",
"url": "https://bugzilla.suse.com/1182345"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1193598",
"url": "https://bugzilla.suse.com/1193598"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44717 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44717/"
}
],
"title": "Security update for go1.16",
"tracking": {
"current_release_date": "2021-12-23T08:53:15Z",
"generator": {
"date": "2021-12-23T08:53:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4169-1",
"initial_release_date": "2021-12-23T08:53:15Z",
"revision_history": [
{
"date": "2021-12-23T08:53:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.12-1.37.2.aarch64",
"product": {
"name": "go1.16-1.16.12-1.37.2.aarch64",
"product_id": "go1.16-1.16.12-1.37.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.12-1.37.2.aarch64",
"product": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64",
"product_id": "go1.16-doc-1.16.12-1.37.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.12-1.37.2.aarch64",
"product": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64",
"product_id": "go1.16-race-1.16.12-1.37.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.12-1.37.2.i586",
"product": {
"name": "go1.16-1.16.12-1.37.2.i586",
"product_id": "go1.16-1.16.12-1.37.2.i586"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.12-1.37.2.i586",
"product": {
"name": "go1.16-doc-1.16.12-1.37.2.i586",
"product_id": "go1.16-doc-1.16.12-1.37.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.12-1.37.2.ppc64le",
"product": {
"name": "go1.16-1.16.12-1.37.2.ppc64le",
"product_id": "go1.16-1.16.12-1.37.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"product": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"product_id": "go1.16-doc-1.16.12-1.37.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.12-1.37.2.s390x",
"product": {
"name": "go1.16-1.16.12-1.37.2.s390x",
"product_id": "go1.16-1.16.12-1.37.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.12-1.37.2.s390x",
"product": {
"name": "go1.16-doc-1.16.12-1.37.2.s390x",
"product_id": "go1.16-doc-1.16.12-1.37.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.12-1.37.2.x86_64",
"product": {
"name": "go1.16-1.16.12-1.37.2.x86_64",
"product_id": "go1.16-1.16.12-1.37.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.12-1.37.2.x86_64",
"product": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64",
"product_id": "go1.16-doc-1.16.12-1.37.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.12-1.37.2.x86_64",
"product": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64",
"product_id": "go1.16-race-1.16.12-1.37.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-doc-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.12-1.37.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64"
},
"product_reference": "go1.16-race-1.16.12-1.37.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:53:15Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44717"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44717",
"url": "https://www.suse.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "SUSE Bug 1193598 for CVE-2021-44717",
"url": "https://bugzilla.suse.com/1193598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Enterprise Storage 7:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Proxy 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.ppc64le",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.s390x",
"SUSE Manager Server 4.1:go1.16-doc-1.16.12-1.37.2.x86_64",
"SUSE Manager Server 4.1:go1.16-race-1.16.12-1.37.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T08:53:15Z",
"details": "moderate"
}
],
"title": "CVE-2021-44717"
}
]
}
SUSE-SU-2021:4186-1
Vulnerability from csaf_suse - Published: 2021-12-23 11:36 - Updated: 2021-12-23 11:36Summary
Security update for go1.17
Severity
Moderate
Notes
Title of the patch: Security update for go1.17
Description of the patch: This update for go1.17 fixes the following issues:
Updated to upstream version 1.17.5 to include fixes to the compiler, linker,
syscall, runtime, the net/http, go/types, and time packages (bsc#1190649)
- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).
- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).
Patchnames: SUSE-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4186,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4186,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4186,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4186,SUSE-Storage-7-2021-4186
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
69 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.17",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.17 fixes the following issues:\n\nUpdated to upstream version 1.17.5 to include fixes to the compiler, linker,\nsyscall, runtime, the net/http, go/types, and time packages (bsc#1190649)\n\n- CVE-2021-44717: syscall: don\u0027t close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP2-2021-4186,SUSE-SLE-Module-Development-Tools-15-SP3-2021-4186,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4186,SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4186,SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4186,SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4186,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4186,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4186,SUSE-Storage-7-2021-4186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_4186-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:4186-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20214186-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:4186-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009942.html"
},
{
"category": "self",
"summary": "SUSE Bug 1190649",
"url": "https://bugzilla.suse.com/1190649"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1193598",
"url": "https://bugzilla.suse.com/1193598"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44717 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44717/"
}
],
"title": "Security update for go1.17",
"tracking": {
"current_release_date": "2021-12-23T11:36:19Z",
"generator": {
"date": "2021-12-23T11:36:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:4186-1",
"initial_release_date": "2021-12-23T11:36:19Z",
"revision_history": [
{
"date": "2021-12-23T11:36:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.5-1.14.2.aarch64",
"product": {
"name": "go1.17-1.17.5-1.14.2.aarch64",
"product_id": "go1.17-1.17.5-1.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.5-1.14.2.aarch64",
"product": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64",
"product_id": "go1.17-doc-1.17.5-1.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.5-1.14.2.aarch64",
"product": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64",
"product_id": "go1.17-race-1.17.5-1.14.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.5-1.14.2.i586",
"product": {
"name": "go1.17-1.17.5-1.14.2.i586",
"product_id": "go1.17-1.17.5-1.14.2.i586"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.5-1.14.2.i586",
"product": {
"name": "go1.17-doc-1.17.5-1.14.2.i586",
"product_id": "go1.17-doc-1.17.5-1.14.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.5-1.14.2.ppc64le",
"product": {
"name": "go1.17-1.17.5-1.14.2.ppc64le",
"product_id": "go1.17-1.17.5-1.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"product": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"product_id": "go1.17-doc-1.17.5-1.14.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.5-1.14.2.s390x",
"product": {
"name": "go1.17-1.17.5-1.14.2.s390x",
"product_id": "go1.17-1.17.5-1.14.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.5-1.14.2.s390x",
"product": {
"name": "go1.17-doc-1.17.5-1.14.2.s390x",
"product_id": "go1.17-doc-1.17.5-1.14.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.17-1.17.5-1.14.2.x86_64",
"product": {
"name": "go1.17-1.17.5-1.14.2.x86_64",
"product_id": "go1.17-1.17.5-1.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-doc-1.17.5-1.14.2.x86_64",
"product": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64",
"product_id": "go1.17-doc-1.17.5-1.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.17-race-1.17.5-1.14.2.x86_64",
"product": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64",
"product_id": "go1.17-race-1.17.5-1.14.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-doc-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-doc-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.17-race-1.17.5-1.14.2.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64"
},
"product_reference": "go1.17-race-1.17.5-1.14.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T11:36:19Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44717"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44717",
"url": "https://www.suse.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "SUSE Bug 1193598 for CVE-2021-44717",
"url": "https://bugzilla.suse.com/1193598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Enterprise Storage 7:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Proxy 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Retail Branch Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.ppc64le",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.s390x",
"SUSE Manager Server 4.1:go1.17-doc-1.17.5-1.14.2.x86_64",
"SUSE Manager Server 4.1:go1.17-race-1.17.5-1.14.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-23T11:36:19Z",
"details": "moderate"
}
],
"title": "CVE-2021-44717"
}
]
}
WID-SEC-W-2022-0967
Vulnerability from csaf_certbund - Published: 2021-12-16 23:00 - Updated: 2024-05-30 22:00Summary
Red Hat Enterprise Linux (go-toolset): Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Oracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verfügbar ist.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Oracle Linux ausnutzen, um einen Denial of Service Angriff durchzuführen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im "go-toolset". Der Fehler besteht aufgrund eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herzustellen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux 8
Oracle / Linux
|
cpe:/o:oracle:linux:8:-
|
8 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— |
Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im "go-toolset". Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux 8
Oracle / Linux
|
cpe:/o:oracle:linux:8:-
|
8 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— |
References
33 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nOracle Linux ist ein Open Source Betriebssystem, welches unter der GNU General Public License (GPL) verf\u00fcgbar ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Oracle Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0967 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0967.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0967 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0967"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2021-12-16",
"url": "https://access.redhat.com/errata/RHSA-2021:5176"
},
{
"category": "external",
"summary": "Oracle Security Advisory vom 2021-12-16",
"url": "https://linux.oracle.com/errata/ELSA-2021-5160.html"
},
{
"category": "external",
"summary": "Hashicorp Security Bulletin HCSEC-2021-34 vom 2021-12-23",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-34-vault-consul-boundary-and-waypoint-affected-by-denial-of-service-in-golang-s-net-http-cve-2021-44716/33527"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:4186-1 vom 2021-12-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009942.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:4169-1 vom 2021-12-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009938.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0002 vom 2022-01-03",
"url": "https://access.redhat.com/errata/RHSA-2022:0002"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0001 vom 2022-01-03",
"url": "https://access.redhat.com/errata/RHSA-2022:0001"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-0001 vom 2022-01-04",
"url": "http://linux.oracle.com/errata/ELSA-2022-0001.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0163 vom 2022-01-18",
"url": "https://access.redhat.com/errata/RHSA-2022:0163"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0237 vom 2022-01-24",
"url": "https://access.redhat.com/errata/RHSA-2022:0237"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0260 vom 2022-01-25",
"url": "https://access.redhat.com/errata/RHSA-2022:0260"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-009 vom 2022-01-27",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-009.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0585 vom 2022-02-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0585"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0587 vom 2022-02-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0587"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0055 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0055"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
"url": "https://access.redhat.com/errata/RHSA-2022:0056"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0855 vom 2022-03-15",
"url": "https://access.redhat.com/errata/RHSA-2022:0855"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0842 vom 2022-03-14",
"url": "https://access.redhat.com/errata/RHSA-2022:0842"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0947 vom 2022-03-16",
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:0927 vom 2022-03-21",
"url": "https://access.redhat.com/errata/RHSA-2022:0927"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1056 vom 2022-03-24",
"url": "https://access.redhat.com/errata/RHSA-2022:1056"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1051 vom 2022-03-24",
"url": "https://access.redhat.com/errata/RHSA-2022:1051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1361 vom 2022-04-13",
"url": "https://access.redhat.com/errata/RHSA-2022:1361"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1372 vom 2022-04-14",
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1628 vom 2022-04-27",
"url": "https://access.redhat.com/errata/RHSA-2022:1628"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1776 vom 2022-04-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1776.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1734 vom 2022-05-05",
"url": "https://access.redhat.com/errata/RHSA-2022:1734"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3338-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0407 vom 2023-01-24",
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (go-toolset): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-30T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:33:02.116+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0967",
"initial_release_date": "2021-12-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-12-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-12-21T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: FEDORA-2021-29943703DE, FEDORA-2021-6FDC5EA304"
},
{
"date": "2021-12-22T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Hashicorp aufgenommen"
},
{
"date": "2021-12-23T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-01-02T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-04T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-01-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-19T23:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-C6AE206BE7"
},
{
"date": "2022-01-20T23:00:00.000+00:00",
"number": "9",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-6E6B59A682"
},
{
"date": "2022-01-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-01-27T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-02-21T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-10T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-16T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-21T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-03-24T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-13T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-04-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat und Amazon aufgenommen"
},
{
"date": "2022-05-05T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-01-24T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.7.8",
"product": {
"name": "Hashicorp Vault \u003c1.7.8",
"product_id": "T021425"
}
},
{
"category": "product_version_range",
"name": "\u003c1.8.7",
"product": {
"name": "Hashicorp Vault \u003c1.8.7",
"product_id": "T021426"
}
},
{
"category": "product_version_range",
"name": "\u003c1.9.2",
"product": {
"name": "Hashicorp Vault \u003c1.9.2",
"product_id": "T021427"
}
}
],
"category": "product_name",
"name": "Vault"
}
],
"category": "vendor",
"name": "Hashicorp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "Oracle Linux 8",
"product_id": "664006",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:8:-"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im \"go-toolset\". Der Fehler besteht aufgrund eines unkontrollierten Ressourcenverbrauchs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T008027",
"T002207",
"67646",
"664006",
"398363",
"T012167"
]
},
"release_date": "2021-12-16T23:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux und Oracle Linux im \"go-toolset\". Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T008027",
"T002207",
"67646",
"664006",
"398363",
"T012167"
]
},
"release_date": "2021-12-16T23:00:00.000+00:00",
"title": "CVE-2021-44717"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…