CVE-2021-27918 (GCVE-0-2021-27918)
Vulnerability from cvelistv5 – Published: 2021-03-10 23:54 – Updated: 2024-08-03 21:33
- n/a
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw | x_refsource_MISC |
| https://security.gentoo.org/glsa/202208-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:11:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27918",
"datePublished": "2021-03-10T23:54:43.000Z",
"dateReserved": "2021-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:16.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-27918",
"date": "2026-06-16",
"epss": "0.02543",
"percentile": "0.82909"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15.9\", \"matchCriteriaId\": \"AB004DF7-C7C5-4A2C-A0B1-5296DEBC64DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.16.0\", \"versionEndExcluding\": \"1.16.1\", \"matchCriteriaId\": \"23643AC7-98B9-465F-B10B-C7AD4C59F77E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.\"}, {\"lang\": \"es\", \"value\": \"encoding/xml en Go versiones anteriores a 1.15.9 y versiones 1.16.x anteriores a 1.16.1, presenta un bucle infinito si un TokenReader personalizado (para xml.NewTokenDecoder) devuelve EOF en medio de un elemento.\u0026#xa0;Esto puede ocurrir en el m\\u00e9todo Decode, DecodeElement o Skip\"}]",
"id": "CVE-2021-27918",
"lastModified": "2024-11-21T05:58:48.207",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-03-11T00:15:12.030",
"references": "[{\"url\": \"https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-835\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27918\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-03-11T00:15:12.030\",\"lastModified\":\"2024-11-21T05:58:48.207\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.\"},{\"lang\":\"es\",\"value\":\"encoding/xml en Go versiones anteriores a 1.15.9 y versiones 1.16.x anteriores a 1.16.1, presenta un bucle infinito si un TokenReader personalizado (para xml.NewTokenDecoder) devuelve EOF en medio de un elemento.\u0026#xa0;Esto puede ocurrir en el m\u00e9todo Decode, DecodeElement o Skip\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"la
ng\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.9\",\"matchCriteriaId\":\"AB004DF7-C7C5-4A2C-A0B1-5296DEBC64DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.1\",\"matchCriteriaId\":\"23643AC7-98B9-465F-B10B-C7AD4C59F77E\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2025-AVI-0582
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une élévation de privilèges, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Palo Alto Networks indique que la vulnérabilité CVE-2025-6554, qui affecte Prisma Access Browser, est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Palo Alto Networks | N/A | Autonomous Digital Experience Manager versions 5.6.x antérieures à 5.6.7 sur macOS |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.8 sur Linux (disponibilité prévue pour le 11 juillet 2025) |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.2.x antérieures à 6.2.8-h2 (6.2.8-c243) sur macOS et Windows |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.1.x et GlobalProtect App versions 6.0.x |
| Palo Alto Networks | GlobalProtect App | GlobalProtect App versions 6.3.x antérieures à 6.3.3-h1 (6.3.3-c650) sur macOS et Windows |
| Palo Alto Networks | Prisma Access Browser | Prisma Access Browser versions antérieures à 138.33.5.97 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Autonomous Digital Experience Manager versions 5.6.x ant\u00e9rieures \u00e0 5.6.7 sur macOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8 sur Linux (disponibilit\u00e9 pr\u00e9vue pour le 11 juillet 2025)",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.8-h2 (6.2.8-c243) sur macOS et Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.1.x et GlobalProtect App versions 6.0.x ",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect App versions 6.3.x ant\u00e9rieures \u00e0 6.3.3-h1 (6.3.3-c650) sur macOS et Windows",
"product": {
"name": "GlobalProtect App",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "Prisma Access Browser versions ant\u00e9rieures \u00e0 138.33.5.97",
"product": {
"name": "Prisma Access Browser",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2025-5959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5959"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2025-6192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6192"
},
{
"name": "CVE-2019-5827",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5827"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0140"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2025-6557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6557"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2025-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0139"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2019-13751",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13751"
},
{
"name": "CVE-2025-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0141"
},
{
"name": "CVE-2025-6556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6556"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2019-13750",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13750"
},
{
"name": "CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2025-6191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6191"
},
{
"name": "CVE-2025-6554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6554"
},
{
"name": "CVE-2025-5958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5958"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2025-6555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6555"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0582",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nPalo Alto Networks indique que la vuln\u00e9rabilit\u00e9 CVE-2025-6554, qui affecte Prisma Access Browser, est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
"vendor_advisories": [
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0139",
"url": "https://security.paloaltonetworks.com/CVE-2025-0139"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0140",
"url": "https://security.paloaltonetworks.com/CVE-2025-0140"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0012",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0012"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2025-0141",
"url": "https://security.paloaltonetworks.com/CVE-2025-0141"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2025-0013",
"url": "https://security.paloaltonetworks.com/PAN-SA-2025-0013"
}
]
}
FKIE_CVE-2021-27918
Vulnerability from fkie_nvd - Published: 2021-03-11 00:15 - Updated: 2024-11-21 05:58

| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw | Mailing List, Third Party Advisory |
| cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw | Mailing List, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB004DF7-C7C5-4A2C-A0B1-5296DEBC64DD",
"versionEndExcluding": "1.15.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23643AC7-98B9-465F-B10B-C7AD4C59F77E",
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
},
{
"lang": "es",
"value": "encoding/xml en Go versiones anteriores a 1.15.9 y versiones 1.16.x anteriores a 1.16.1, presenta un bucle infinito si un TokenReader personalizado (para xml.NewTokenDecoder) devuelve EOF en medio de un elemento.\u0026#xa0;Esto puede ocurrir en el m\u00e9todo Decode, DecodeElement o Skip"
}
],
"id": "CVE-2021-27918",
"lastModified": "2024-11-21T05:58:48.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T00:15:12.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8MMP-C685-53VW
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-08-05 00:00
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.
{
"affected": [],
"aliases": [
"CVE-2021-27918"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T00:15:00Z",
"severity": "HIGH"
},
"details": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"id": "GHSA-8mmp-c685-53vw",
"modified": "2022-08-05T00:00:28Z",
"published": "2022-05-24T17:44:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-27918
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-27918",
"description": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"id": "GSD-2021-27918",
"references": [
"https://www.suse.com/security/cve/CVE-2021-27918.html",
"https://access.redhat.com/errata/RHSA-2021:3556",
"https://access.redhat.com/errata/RHSA-2021:3555",
"https://access.redhat.com/errata/RHSA-2021:3076",
"https://access.redhat.com/errata/RHBA-2021:3003",
"https://access.redhat.com/errata/RHSA-2021:2705",
"https://access.redhat.com/errata/RHSA-2021:2704",
"https://advisories.mageia.org/CVE-2021-27918.html",
"https://security.archlinux.org/CVE-2021-27918",
"https://linux.oracle.com/cve/CVE-2021-27918.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27918"
],
"details": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"id": "GSD-2021-27918",
"modified": "2023-12-13T01:23:35.523968Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.15.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.1",
"versionStartIncluding": "1.16.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27918"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-12-13T16:28Z",
"publishedDate": "2021-03-11T00:15Z"
}
}
}
MSRC_CVE-2021-27918
Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2026-02-18 14:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19696-17084 | — | | |
| Unresolved product id: 17021-17084 | — | | |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-4 | — | | |
| Unresolved product id: 17084-1 | — | | |
| Unresolved product id: 17084-2 | — | | |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-27918 encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode DecodeElement or Skip method. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-27918.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode DecodeElement or Skip method.",
"tracking": {
"current_release_date": "2026-02-18T14:03:28.000Z",
"generator": {
"date": "2026-02-26T08:07:32.768Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-27918",
"initial_release_date": "2021-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-03-19T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2026-02-18T14:03:28.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Information published."
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.11.0-3",
"product": {
"name": "azl3 python-tensorboard 2.11.0-3",
"product_id": "19696"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-2",
"product": {
"name": "azl3 python-tensorboard 2.16.2-2",
"product_id": "17021"
}
}
],
"category": "product_name",
"name": "python-tensorboard"
},
{
"category": "product_name",
"name": "azl3 golang 1.23.9-1",
"product": {
"name": "azl3 golang 1.23.9-1",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.23.12-1",
"product": {
"name": "azl3 golang 1.23.12-1",
"product_id": "1"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.11.0-3 as a component of Azure Linux 3.0",
"product_id": "19696-17084"
},
"product_reference": "19696",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-2 as a component of Azure Linux 3.0",
"product_id": "17021-17084"
},
"product_reference": "17021",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.12-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-4",
"17084-2"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19696-17084",
"17021-17084"
],
"known_affected": [
"17084-3",
"17084-5"
],
"known_not_affected": [
"17084-4",
"17084-1",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-27918 encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-27918.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-03-19T00:00:00.000Z",
"details": "2.16.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-3",
"17084-5"
]
}
],
"title": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method."
}
]
}
OPENSUSE-SU-2021:0480-1
Vulnerability from csaf_opensuse - Published: 2021-03-27 17:04 - Updated: 2021-03-27 17:04

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.15",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.15 fixes the following issues:\n\n- go1.15.10 (released 2021-03-11) (bsc#1175132)\n- go1.15.9 (released 2021-03-10) (bsc#1175132)\n - CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-480",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0480-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0480-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4PG5AXR4LXEWYU5DHYEVESCXWKO3HFHO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0480-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4PG5AXR4LXEWYU5DHYEVESCXWKO3HFHO/"
},
{
"category": "self",
"summary": "SUSE Bug 1175132",
"url": "https://bugzilla.suse.com/1175132"
},
{
"category": "self",
"summary": "SUSE Bug 1183333",
"url": "https://bugzilla.suse.com/1183333"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
}
],
"title": "Security update for go1.15",
"tracking": {
"current_release_date": "2021-03-27T17:04:43Z",
"generator": {
"date": "2021-03-27T17:04:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0480-1",
"initial_release_date": "2021-03-27T17:04:43Z",
"revision_history": [
{
"date": "2021-03-27T17:04:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.10-lp152.14.1.x86_64",
"product": {
"name": "go1.15-1.15.10-lp152.14.1.x86_64",
"product_id": "go1.15-1.15.10-lp152.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.10-lp152.14.1.x86_64",
"product": {
"name": "go1.15-doc-1.15.10-lp152.14.1.x86_64",
"product_id": "go1.15-doc-1.15.10-lp152.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.10-lp152.14.1.x86_64",
"product": {
"name": "go1.15-race-1.15.10-lp152.14.1.x86_64",
"product_id": "go1.15-race-1.15.10-lp152.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.10-lp152.14.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1.x86_64"
},
"product_reference": "go1.15-1.15.10-lp152.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.10-lp152.14.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1.x86_64"
},
"product_reference": "go1.15-doc-1.15.10-lp152.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.10-lp152.14.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1.x86_64"
},
"product_reference": "go1.15-race-1.15.10-lp152.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1.x86_64",
"openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-27T17:04:43Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
}
]
}
OPENSUSE-SU-2024:10808-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.15-1.15.15-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.15-1.15.15-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10808",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10808-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24553 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28362 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28366 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28367 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3114 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3115 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
}
],
"title": "go1.15-1.15.15-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10808-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-1.15.15-1.2.aarch64",
"product_id": "go1.15-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.aarch64",
"product_id": "go1.15-doc-1.15.15-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product": {
"name": "go1.15-race-1.15.15-1.2.aarch64",
"product_id": "go1.15-race-1.15.15-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-1.15.15-1.2.ppc64le",
"product_id": "go1.15-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le",
"product_id": "go1.15-doc-1.15.15-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product": {
"name": "go1.15-race-1.15.15-1.2.ppc64le",
"product_id": "go1.15-race-1.15.15-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-1.15.15-1.2.s390x",
"product_id": "go1.15-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-doc-1.15.15-1.2.s390x",
"product_id": "go1.15-doc-1.15.15-1.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.s390x",
"product": {
"name": "go1.15-race-1.15.15-1.2.s390x",
"product_id": "go1.15-race-1.15.15-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.15-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-1.15.15-1.2.x86_64",
"product_id": "go1.15-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-doc-1.15.15-1.2.x86_64",
"product_id": "go1.15-doc-1.15.15-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product": {
"name": "go1.15-race-1.15.15-1.2.x86_64",
"product_id": "go1.15-race-1.15.15-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-doc-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-doc-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-doc-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-doc-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64"
},
"product_reference": "go1.15-race-1.15.15-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le"
},
"product_reference": "go1.15-race-1.15.15-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x"
},
"product_reference": "go1.15-race-1.15.15-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.15-race-1.15.15-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
},
"product_reference": "go1.15-race-1.15.15-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24553"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24553",
"url": "https://www.suse.com/security/cve/CVE-2020-24553"
},
{
"category": "external",
"summary": "SUSE Bug 1176031 for CVE-2020-24553",
"url": "https://bugzilla.suse.com/1176031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24553"
},
{
"cve": "CVE-2020-28362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28362"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28362",
"url": "https://www.suse.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "SUSE Bug 1178750 for CVE-2020-28362",
"url": "https://bugzilla.suse.com/1178750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28362"
},
{
"cve": "CVE-2020-28366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28366"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28366",
"url": "https://www.suse.com/security/cve/CVE-2020-28366"
},
{
"category": "external",
"summary": "SUSE Bug 1178753 for CVE-2020-28366",
"url": "https://bugzilla.suse.com/1178753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28366"
},
{
"cve": "CVE-2020-28367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28367"
}
],
"notes": [
{
"category": "general",
"text": "Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28367",
"url": "https://www.suse.com/security/cve/CVE-2020-28367"
},
{
"category": "external",
"summary": "SUSE Bug 1178752 for CVE-2020-28367",
"url": "https://bugzilla.suse.com/1178752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28367"
},
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-3114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3114"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3114",
"url": "https://www.suse.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "SUSE Bug 1181145 for CVE-2021-3114",
"url": "https://bugzilla.suse.com/1181145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3114"
},
{
"cve": "CVE-2021-3115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3115"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the \"go get\" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3115",
"url": "https://www.suse.com/security/cve/CVE-2021-3115"
},
{
"category": "external",
"summary": "SUSE Bug 1181146 for CVE-2021-3115",
"url": "https://bugzilla.suse.com/1181146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3115"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-doc-1.15.15-1.2.x86_64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.aarch64",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.ppc64le",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.s390x",
"openSUSE Tumbleweed:go1.15-race-1.15.15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
}
]
}
OPENSUSE-SU-2024:10809-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10809-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27919 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39293/"
}
],
"title": "go1.16-1.16.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10809-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-1.16.8-1.1.aarch64",
"product_id": "go1.16-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product_id": "go1.16-doc-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product_id": "go1.16-race-1.16.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.8-1.1.ppc64le",
"product_id": "go1.16-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product_id": "go1.16-race-1.16.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-1.16.8-1.1.s390x",
"product_id": "go1.16-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product_id": "go1.16-doc-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.8-1.1.s390x",
"product_id": "go1.16-race-1.16.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-1.16.8-1.1.x86_64",
"product_id": "go1.16-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product_id": "go1.16-doc-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product_id": "go1.16-race-1.16.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27919"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27919",
"url": "https://www.suse.com/security/cve/CVE-2021-27919"
},
{
"category": "external",
"summary": "SUSE Bug 1183334 for CVE-2021-27919",
"url": "https://bugzilla.suse.com/1183334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39293"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39293",
"url": "https://www.suse.com/security/cve/CVE-2021-39293"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-39293",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-39293"
}
]
}
RHBA-2021:3003
Vulnerability from csaf_redhat - Published: 2021-08-03 18:15 - Updated: 2026-03-19 07:50
A flaw was found in Kubernetes. If the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and in client tool output such as `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into the application's response. The highest threat to the system is to confidentiality and integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
An infinite loop vulnerability was found in golang. If an application defines a custom token parser initialized with `xml.NewTokenDecoder`, it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to loop endlessly, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous bug fixes and enhancements are now available for Red Hat OpenShift Container Storage 4.8.0 on Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.8/html/4.8_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:3003",
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
},
{
"category": "external",
"summary": "1819483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819483"
},
{
"category": "external",
"summary": "1848278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848278"
},
{
"category": "external",
"summary": "1918783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918783"
},
{
"category": "external",
"summary": "1923819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923819"
},
{
"category": "external",
"summary": "1924946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924946"
},
{
"category": "external",
"summary": "1924949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924949"
},
{
"category": "external",
"summary": "1929209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929209"
},
{
"category": "external",
"summary": "1934633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934633"
},
{
"category": "external",
"summary": "1936388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936388"
},
{
"category": "external",
"summary": "1936858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936858"
},
{
"category": "external",
"summary": "1937604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937604"
},
{
"category": "external",
"summary": "1938112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938112"
},
{
"category": "external",
"summary": "1939007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939007"
},
{
"category": "external",
"summary": "1940312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940312"
},
{
"category": "external",
"summary": "1943280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943280"
},
{
"category": "external",
"summary": "1944158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944158"
},
{
"category": "external",
"summary": "1944410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944410"
},
{
"category": "external",
"summary": "1946595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946595"
},
{
"category": "external",
"summary": "1947796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947796"
},
{
"category": "external",
"summary": "1948378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948378"
},
{
"category": "external",
"summary": "1950225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950225"
},
{
"category": "external",
"summary": "1950419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950419"
},
{
"category": "external",
"summary": "1952344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952344"
},
{
"category": "external",
"summary": "1953572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953572"
},
{
"category": "external",
"summary": "1955831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955831"
},
{
"category": "external",
"summary": "1956232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956232"
},
{
"category": "external",
"summary": "1956256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956256"
},
{
"category": "external",
"summary": "1957712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957712"
},
{
"category": "external",
"summary": "1958373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958373"
},
{
"category": "external",
"summary": "1959257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959257"
},
{
"category": "external",
"summary": "1959964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959964"
},
{
"category": "external",
"summary": "1961517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961517"
},
{
"category": "external",
"summary": "1961647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961647"
},
{
"category": "external",
"summary": "1962109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962109"
},
{
"category": "external",
"summary": "1962207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962207"
},
{
"category": "external",
"summary": "1962278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962278"
},
{
"category": "external",
"summary": "1962751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962751"
},
{
"category": "external",
"summary": "1962755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962755"
},
{
"category": "external",
"summary": "1963134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963134"
},
{
"category": "external",
"summary": "1963191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963191"
},
{
"category": "external",
"summary": "1964238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964238"
},
{
"category": "external",
"summary": "1964373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964373"
},
{
"category": "external",
"summary": "1964467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964467"
},
{
"category": "external",
"summary": "1965290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965290"
},
{
"category": "external",
"summary": "1966149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966149"
},
{
"category": "external",
"summary": "1966661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966661"
},
{
"category": "external",
"summary": "1966999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966999"
},
{
"category": "external",
"summary": "1967628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967628"
},
{
"category": "external",
"summary": "1967837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967837"
},
{
"category": "external",
"summary": "1967877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967877"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_3003.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenShift Container Storage 4.8.0 container images bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-03-19T07:50:08+00:00",
"generator": {
"date": "2026-03-19T07:50:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHBA-2021:3003",
"initial_release_date": "2021-08-03T18:15:00+00:00",
"revision_history": [
{
"date": "2021-08-03T18:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-03T18:15:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T07:50:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Patrick Rhomberg"
],
"organization": "purelyapplied",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8565",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2020-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kubernetes. In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via \u0027TraceAll\u0027), and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8565"
},
{
"category": "external",
"summary": "RHBZ#1886638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565"
},
{
"category": "external",
"summary": "https://github.com/kubernetes/kubernetes/issues/95623",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk",
"url": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"
}
],
"release_date": "2020-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9"
},
{
"cve": "CVE-2021-3529",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950479"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3529"
},
{
"category": "external",
"summary": "RHBZ#1950479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529"
}
],
"release_date": "2021-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL"
},
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
}
]
}
RHBA-2021_3003
Vulnerability from csaf_redhat - Published: 2021-08-03 18:15 - Updated: 2024-12-17 21:12
A flaw was found in Kubernetes. In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is to confidentiality and integrity, as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
An infinite loop vulnerability was found in golang. If an application defines a custom token parser initialized with `xml.NewTokenDecoder`, it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to loop endlessly, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous bug fixes and enhancements are now available for Red Hat OpenShift Container Storage 4.8.0 on Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_s\ntorage/4.8/html/4.8_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:3003",
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
},
{
"category": "external",
"summary": "1819483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819483"
},
{
"category": "external",
"summary": "1848278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848278"
},
{
"category": "external",
"summary": "1918783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918783"
},
{
"category": "external",
"summary": "1923819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923819"
},
{
"category": "external",
"summary": "1924946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924946"
},
{
"category": "external",
"summary": "1924949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924949"
},
{
"category": "external",
"summary": "1929209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929209"
},
{
"category": "external",
"summary": "1934633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934633"
},
{
"category": "external",
"summary": "1936388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936388"
},
{
"category": "external",
"summary": "1936858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936858"
},
{
"category": "external",
"summary": "1937604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937604"
},
{
"category": "external",
"summary": "1938112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1938112"
},
{
"category": "external",
"summary": "1939007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939007"
},
{
"category": "external",
"summary": "1940312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940312"
},
{
"category": "external",
"summary": "1943280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943280"
},
{
"category": "external",
"summary": "1944158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944158"
},
{
"category": "external",
"summary": "1944410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944410"
},
{
"category": "external",
"summary": "1946595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946595"
},
{
"category": "external",
"summary": "1947796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947796"
},
{
"category": "external",
"summary": "1948378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948378"
},
{
"category": "external",
"summary": "1950225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950225"
},
{
"category": "external",
"summary": "1950419",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950419"
},
{
"category": "external",
"summary": "1952344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952344"
},
{
"category": "external",
"summary": "1953572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953572"
},
{
"category": "external",
"summary": "1955831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955831"
},
{
"category": "external",
"summary": "1956232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956232"
},
{
"category": "external",
"summary": "1956256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956256"
},
{
"category": "external",
"summary": "1957712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957712"
},
{
"category": "external",
"summary": "1958373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958373"
},
{
"category": "external",
"summary": "1959257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959257"
},
{
"category": "external",
"summary": "1959964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959964"
},
{
"category": "external",
"summary": "1961517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961517"
},
{
"category": "external",
"summary": "1961647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961647"
},
{
"category": "external",
"summary": "1962109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962109"
},
{
"category": "external",
"summary": "1962207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962207"
},
{
"category": "external",
"summary": "1962278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962278"
},
{
"category": "external",
"summary": "1962751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962751"
},
{
"category": "external",
"summary": "1962755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962755"
},
{
"category": "external",
"summary": "1963134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963134"
},
{
"category": "external",
"summary": "1963191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963191"
},
{
"category": "external",
"summary": "1964238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964238"
},
{
"category": "external",
"summary": "1964373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964373"
},
{
"category": "external",
"summary": "1964467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964467"
},
{
"category": "external",
"summary": "1965290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965290"
},
{
"category": "external",
"summary": "1966149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966149"
},
{
"category": "external",
"summary": "1966661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966661"
},
{
"category": "external",
"summary": "1966999",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966999"
},
{
"category": "external",
"summary": "1967628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967628"
},
{
"category": "external",
"summary": "1967837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967837"
},
{
"category": "external",
"summary": "1967877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967877"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_3003.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat OpenShift Container Storage 4.8.0 container images bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-12-17T21:12:27+00:00",
"generator": {
"date": "2024-12-17T21:12:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHBA-2021:3003",
"initial_release_date": "2021-08-03T18:15:00+00:00",
"revision_history": [
{
"date": "2021-08-03T18:15:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-03T18:15:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:12:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.8-125.01872cc.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.8.0-38.e060925.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.8.0-27.4a6ca5f.5.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.8.0-5"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.8-196.a35d7d7.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.8-167.9a9db5f.release_4.8"
}
}
},
{
"category": "product_version",
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_id": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/volume-replication-rhel8-operator\u0026tag=4.8-20.ab575a2.release_v0.1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64 as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le as a component of Red Hat OpenShift Container Storage 4.8 on RHEL-8",
"product_id": "8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
},
"product_reference": "ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Kubernetes Product Security Committee"
]
},
{
"names": [
"Patrick Rhomberg"
],
"organization": "purelyapplied",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2020-8565",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2020-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Kubernetes. In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via \u0027TraceAll\u0027), and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8565"
},
{
"category": "external",
"summary": "RHBZ#1886638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565"
},
{
"category": "external",
"summary": "https://github.com/kubernetes/kubernetes/issues/95623",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"category": "external",
"summary": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk",
"url": "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"
}
],
"release_date": "2020-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9"
},
{
"cve": "CVE-2021-3529",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950479"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in noobaa-core. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including a potential payload script. The input is echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application\u0027s response. The highest threat to the system is to confidentiality and integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3529"
},
{
"category": "external",
"summary": "RHBZ#1950479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3529"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3529"
}
],
"release_date": "2021-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "noobaa-core: Cross-site scripting vulnerability with noobaa management URL"
},
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder`, it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document in which `EOF` is reached in the middle of an XML element, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder, which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally, no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundle a vulnerable version of the golang standard library \u0027encoding/xml\u0027, but do not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-03T18:15:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3003"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:1819cba5b8d43c37d8b4521ffe5cbd59bd54be42953a08380cd709eb45fa0cd7_amd64",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:a8b8bf6dbc9066e3e0357f2ee2280137fb4071b7410680c92df85ff3f61e3e71_s390x",
"8Base-RH-OCS-4.8:ocs4/cephcsi-rhel8@sha256:fd09ea1209f059743c68f8c5a6d96bf0d194382e596281b7a79eebc75cae8781_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:0cb74e8ebd0ec62591a86497e2557e606c1eca91560a2c302442aafdee9d2ba3_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:3c805f5f71b7fbc3d77f05e0eb04a242ee277ded61121a2f78f58a6f2e3d6239_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-core-rhel8@sha256:a35b39d108c85722af235fa856c239a4f9c16a6c60664d91672c680e3fd1e735_ppc64le",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:260bc0e079e4d8e7d29c0480f6a70278709f27a12cd70bb2fb9cbe6334af3333_amd64",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:76353560ad951875d5a031ccee8ffc13f6424b14f4f477b4ce6bbc71edbadc86_s390x",
"8Base-RH-OCS-4.8:ocs4/mcg-rhel8-operator@sha256:aa285fae19902f0fe3aa80f17024ffeba8b3cff017b4e5c02e220cbd80c06973_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:180ca4c2ca1f8bfd59251ef37dc6f0b0c6f6b651383dad7a34ef67c0374617f5_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:2c24b0616e961f1c95fe84abccc01ab79d91f8cc2add3035c2821c0fd49ee675_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-must-gather-rhel8@sha256:cc4d487f0ed7beb0662489ffb48ed7ee1a7d95a08f2f959af3d2425a082e5d99_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:644bf5f6e364ba10268d76ee5919bd8f48a772644dba85612730e3792e0f4ea1_s390x",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:851d87a64e1e9f4777791b20fc6c7e4252e779f79d3ecc09bd7af3f9395de771_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-operator-bundle@sha256:91515bf10db2c19a059a16e4df1a331f4b919f2eb1ab11d2a09d054f38fe1fc7_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:8e6d5a070f6be7ee8558d4629483af9bae4259d78fe677d5855b75317939621f_amd64",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:b8f2788c69ac85df91ddc16c9e3d228e638b4deafb5227be521ae343d3010baa_ppc64le",
"8Base-RH-OCS-4.8:ocs4/ocs-rhel8-operator@sha256:f7a29c6ef520ef1728ce6c1caeb84f6a4d7c8e3f2f46daf373403d34543df36f_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:19b8b9aa50c96c9b8ee26d3f1778fa3394ec7e042f81a6eef593b003622fa6f8_amd64",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:25682019c97995e63d466115157158f661c3e38c697a03ee2d488a04f2f4adec_s390x",
"8Base-RH-OCS-4.8:ocs4/rook-ceph-rhel8-operator@sha256:ed689445f56e7e50d872f2e0b0d61bdf4c08d4bd34daf246ff49648d3f5a298d_ppc64le",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:45210e36c8bb62080cb96c7a9aaefffa22e8749bfbe0e2e3f66b7d36e3f40b3f_amd64",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:695c55a8d65caf60e902b45afa80f59959d3a47c271150f9779b02e77f6c2068_s390x",
"8Base-RH-OCS-4.8:ocs4/volume-replication-rhel8-operator@sha256:c33567da3a51dc79c490f635b201359c41391aae1fcc071ea6b6862f344e6784_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.