RHSA-2022:6346: Moderate: RHSA: Submariner 0.13 - security and enhancement update

First published: Tue Sep 06 2022(Updated: )

Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.<br>For more information about Submariner, see the Submariner open source community website at: <a href="https://submariner.io/." target="_blank">https://submariner.io/.</a> This advisory contains bug fixes and enhancements to the Submariner container images.<br>Security fixes:<br><li> CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS</li> <li> CVE-2022-1705 golang: net/<a href="http:" target="_blank">http:</a> improper sanitization of Transfer-Encoding header</li> <li> CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions</li> <li> CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip</li> <li> CVE-2022-30630 golang: io/fs: stack exhaustion in Glob</li> <li> CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read</li> <li> CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob</li> <li> CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal</li> <li> CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode</li> <li> CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working</li> <li> CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add</li>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2022:6346
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type