First published: Thu Dec 17 2020(Updated: )
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.<br>These updated packages include numerous security fixes, bug fixes, and<br>enhancements.<br>Security Fix(es):<br><li> golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)</li> <li> golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)</li> <li> golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>These updated packages include numerous bug fixes and enhancements. Users are<br>directed to the Red Hat OpenShift Container Storage Release Notes for<br>information on the most significant of these changes:<br><a href="https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index" target="_blank">https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index</a> All Red Hat OpenShift Container Storage users are advised to upgrade to these<br>updated packages.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mcg | <5.6.0-39.2279a46.5.6.el8 | 5.6.0-39.2279a46.5.6.el8 |
redhat/tini | <0.18.0-5.el8 | 0.18.0-5.el8 |
redhat/mcg | <5.6.0-39.2279a46.5.6.el8 | 5.6.0-39.2279a46.5.6.el8 |
redhat/tini | <0.18.0-5.el8 | 0.18.0-5.el8 |
redhat/mcg | <5.6.0-39.2279a46.5.6.el8 | 5.6.0-39.2279a46.5.6.el8 |
redhat/tini | <0.18.0-5.el8 | 0.18.0-5.el8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.