- Vulnerability/
- RHSA-2020:3369
RHSA-2020:3369: Moderate: Red Hat OpenShift Service Mesh security update
First published: Thu Aug 06 2020(Updated: )
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.<br>Security Fix(es):<br><li> golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)</li> <li> nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)</li> <li> jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)</li> <li> macaron: open redirect in the static handler (CVE-2020-12666)</li> <li> golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ior | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-cni | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-grafana | <6.4.3-13.el8 | 6.4.3-13.el8 |
| redhat/servicemesh-operator | <1.1.6-2.el8 | 1.1.6-2.el8 |
| redhat/servicemesh-prometheus | <2.14.0-14.el8 | 2.14.0-14.el8 |
| redhat/ior | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-citadel | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-cni | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-galley | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-grafana | <6.4.3-13.el8 | 6.4.3-13.el8 |
| redhat/servicemesh-grafana-prometheus | <6.4.3-13.el8 | 6.4.3-13.el8 |
| redhat/servicemesh-istioctl | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-mixc | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-mixs | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-operator | <1.1.6-2.el8 | 1.1.6-2.el8 |
| redhat/servicemesh-pilot-agent | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-pilot-discovery | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/servicemesh-prometheus | <2.14.0-14.el8 | 2.14.0-14.el8 |
| redhat/servicemesh-sidecar-injector | <1.1.6-1.el8 | 1.1.6-1.el8 |
| redhat/kiali-v1.12.10.redhat2 | <1.el7 | 1.el7 |
| redhat/kiali-v1.12.10.redhat2 | <1.el7 | 1.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1804533
- https://bugzilla.redhat.com/show_bug.cgi?id=1850004
- https://bugzilla.redhat.com/show_bug.cgi?id=1850034
- https://bugzilla.redhat.com/show_bug.cgi?id=1853652
- https://bugzilla.redhat.com/show_bug.cgi?id=1857412
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2020:3369 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:3369
- agent/software-canonical-lookup
- package-manager/redhat