- Vulnerability/
- RHSA-2020:5649
RHSA-2020:5649: Low: Red Hat OpenShift Service Mesh 1.1.11 security update
First published: Tue Dec 22 2020(Updated: )
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.<br>Security Fix(es):<br><li> golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)</li> <li> golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ior | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-cni | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-grafana | <6.4.3-19.el8 | 6.4.3-19.el8 |
| redhat/servicemesh-operator | <1.1.11-3.el8 | 1.1.11-3.el8 |
| redhat/servicemesh-prometheus | <2.14.0-20.el8 | 2.14.0-20.el8 |
| redhat/ior | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-citadel | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-cni | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-galley | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-grafana | <6.4.3-19.el8 | 6.4.3-19.el8 |
| redhat/servicemesh-grafana-prometheus | <6.4.3-19.el8 | 6.4.3-19.el8 |
| redhat/servicemesh-istioctl | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-mixc | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-mixs | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-operator | <1.1.11-3.el8 | 1.1.11-3.el8 |
| redhat/servicemesh-pilot-agent | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-pilot-discovery | <1.1.11-2.el8 | 1.1.11-2.el8 |
| redhat/servicemesh-prometheus | <2.14.0-20.el8 | 2.14.0-20.el8 |
| redhat/servicemesh-sidecar-injector | <1.1.11-2.el8 | 1.1.11-2.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2020:5649?
The severity of RHSA-2020:5649 is categorized as moderate.
How do I fix RHSA-2020:5649?
To fix RHSA-2020:5649, update the affected packages to the recommended versions specified in the advisory.
What software is affected by RHSA-2020:5649?
RHSA-2020:5649 affects several Red Hat OpenShift Service Mesh packages including servicemesh, servicemesh-operator, and servicemesh-prometheus.
Is RHSA-2020:5649 related to security vulnerabilities?
Yes, RHSA-2020:5649 addresses security vulnerabilities related to a data race in certain net/http servers.
What should I do if I cannot apply the update for RHSA-2020:5649?
If you cannot apply the update for RHSA-2020:5649, consider implementing mitigation strategies while working towards an update.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2020:5649
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/event
- agent/source
- package-manager/redhat