-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Service Mesh 2.2.8 security update Advisory ID: RHSA-2023:4112-01 Product: RHOSSM Advisory URL: https://access.redhat.com/errata/RHSA-2023:4112 Issue date: 2023-07-17 CVE Names: CVE-2020-24736 CVE-2022-4304 CVE-2022-4450 CVE-2022-41723 CVE-2023-0215 CVE-2023-0361 CVE-2023-1667 CVE-2023-2283 CVE-2023-3089 CVE-2023-24329 CVE-2023-26604 ===================================================================== 1. Summary: Red Hat OpenShift Service Mesh 2.2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Security Fix(es): * openshift: OCP & FIPS mode (CVE-2023-3089) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. JIRA issues fixed (https://issues.redhat.com/): OSSM-4197 - [maistra-2.2] CNI installer fails if /etc/cni/multus/net.d/ doesn't exist OSSM-4222 - Update 2.2 base image OSSM-4289 - Release Kiali container v1.48 for OSSM 2.2 6. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIbBAEBCAAGBQJktcNNAAoJENzjgjWX9erE9L8P9icMA6CCbFgzAOKmlnmVRK1R 2en1CBkJC60HesUCQMQpoG0muJy4FQU1u1YH9t8/fikffOrEy/00NdvM1Ivia0qM 6JTnBrkf0sF+80f4/dWSByHNgYb0+hO1r+a3uVyWddkfCht745YCBAUcrIMV07FU UNsgwdZ2cxPU81Jyuv4Sj2i4rAzj5zC4OiS1pFEuPeWR7WMlDltGzgiMff7rxMux 1qVAeFP7Fl8vjeRTaaBkadoEPMwSSv9GvM/KO2U53kNeTBWehoN52TVL4qpBdOqH ikhocMXqGHXUn8sP9HP03kKoaUoxzxRbP8kddOBXk66ov7Tfb41xA7RK5RR7oR/3 11J1JThQY+3AXMKxOU6uNZub1sB55LUH6WUGkIkhZQ/NNmmrLaoYfWAwyZwrUROE pjHLoNQkKKD52IQb33PgOms0/ZsfdjDfGrQDoMJ/1jc8h/wMep7Zq419FG12qDI9 aYzV9BsiYnQ5lWn8CXE7lGZucONUmqaBkpRxUr7KPiHJTpUDrzCpqgCZQPDiTU1z E3R17Gzf1cOLMnyWaMRmOf1qkv4WuG9X6gJTw7PdkUrHZNsP4nnZkLLvCg8zF0Vf 4/r3r+N9VfoQ6R6iOuFBxYwfV+Df6/6suxoj3BmK8VhkbT0/K+VERxv/0kIb0q7O SNI7souDkchQl4RP17A= =CxKZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce