- Vulnerability/
- RHSA-2021:5085
RHSA-2021:5085: Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
First published: Mon Dec 13 2021(Updated: )
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.<br>Security Fix(es):<br><li> kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565)</li> <li> golang: net: lookup functions may return invalid host names (CVE-2021-33195)</li> <li> golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)</li> <li> golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)</li> <li> golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>These updated Multicloud Object Gateway command line (mcg) packages<br>include numerous bug fixes and enhancements. Space precludes documenting<br>all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most<br>significant of these changes:<br><a href="https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.9/html/4.9_release_notes/index" target="_blank">https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.9/html/4.9_release_notes/index</a> All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/mcg | <5.9.0-28.61dcf87.5.9.el8 | 5.9.0-28.61dcf87.5.9.el8 |
| redhat/mcg | <5.9.0-28.61dcf87.5.9.el8 | 5.9.0-28.61dcf87.5.9.el8 |
| redhat/mcg | <5.9.0-28.61dcf87.5.9.el8 | 5.9.0-28.61dcf87.5.9.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1886638
- https://bugzilla.redhat.com/show_bug.cgi?id=1983596
- https://bugzilla.redhat.com/show_bug.cgi?id=1989564
- https://bugzilla.redhat.com/show_bug.cgi?id=1989570
- https://bugzilla.redhat.com/show_bug.cgi?id=1989575
- https://bugzilla.redhat.com/show_bug.cgi?id=1996033
- https://bugzilla.redhat.com/show_bug.cgi?id=1998680
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2021:5085 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2021:5085
- agent/software-canonical-lookup
- package-manager/redhat