-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenStack Platform 16.1.9 (protobuf) security update Advisory ID: RHSA-2022:8860-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:8860 Issue date: 2022-12-07 CVE Names: CVE-2021-22570 ===================================================================== 1. Summary: An update for protobuf is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.1 - noarch 3. Description: Security Fix(es): * Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference 6. Package List: Red Hat OpenStack Platform 16.1: Source: protobuf-3.6.1-6.el8ost.src.rpm noarch: python3-protobuf-3.6.1-6.el8ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: protobuf-3.6.1-6.el8ost.src.rpm noarch: python3-protobuf-3.6.1-6.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22570 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5FpZdzjgjWX9erEAQgwlg//cDqrSrqDF6yk6gqHR5HCttaLtmweRXLo HVveKWZx0PLNIrWRXWul3Y/oriE97SSWLTCU8ITmji5jjNHijTtYqd6eFjg+VFSS 2sZZZisKdlLtBSHW58nj4HrLF2sZZmBUHTp+PlY8RILYSQxZmsedki5cOrM17Hrc hD/bFYF43GdJVtolvHZIYKANnBPlXus9WlcBatoyQzvJ3gYPBhjLcfAgLzfVv8YR bj68Lb5lEcGMC1bIPPF1K4u+23WhUHhKrDLd5lOjjjVk9vyuwF9W2E0XLypx616d F+jdMJF6gpOsayi3j2Ey0qm2hWPoZu4BgtfCnP/y/twBDYema8dKLW1VRlnLN4qF HkxKeSTZhncTFLGsm6fPC/o8aukH7/ADro9DPHuX/T2+Sy4K2oey4atbRa7/W38x ooy9DeN2kfiBkQg6RI6fAfBnbmzL11FjUX7soRjhLIAg2ZG2jA7bJKIdUT58Hhko OBf6JewyBWxoSic6tw4I1nnAQmkNAw4k9qi4mOFfare6PxnCKPoIvkKdA/MFGleY 92ilTpiWqQS+/d4BQhRzVluTVdAhFTQWzdMMXMKfWMetnhUAauxSdiyHyqzsDr0I HkBU8qzIuFFWOnQxRFyOOSOax1w8d6xa6TrFzDcUtZz15/YciI34IRrogqyUEeTU FGYqS61AEK8= =o82A -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce