First published: Thu Dec 17 2020(Updated: )
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.<br>These updated images include numerous security fixes, bug fixes, and enhancements. <br>Security Fix(es):<br><li> nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)</li> <li> nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)</li> <li> golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)</li> <li> golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)</li> <li> golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:<br><a href="https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index</a> All Red Hat OpenShift Container Storage users are advised to upgrade to<br>these updated images.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.