Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-31525 (GCVE-0-2021-31525)
Vulnerability from cvelistv5 – Published: 2021-05-27 12:17 – Updated: 2024-08-03 23:03- n/a
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce/c/cu9… | x_refsource_MISC |
| https://github.com/golang/go/issues/45710 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202208-02 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:07:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
},
{
"name": "https://github.com/golang/go/issues/45710",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/45710"
},
{
"name": "FEDORA-2021-ee3c072cd0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31525",
"datePublished": "2021-05-27T12:17:11.000Z",
"dateReserved": "2021-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:33.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31525",
"date": "2026-07-09",
"epss": "0.03692",
"percentile": "0.88397"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15.12\", \"matchCriteriaId\": \"DCA080B5-DEFB-462A-8908-2EBD5D2075D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.16.0\", \"versionEndExcluding\": \"1.16.4\", \"matchCriteriaId\": \"644F0433-E29C-4748-BDA9-5332DF7CBE14\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.\"}, {\"lang\": \"es\", \"value\": \"net/http en Go versiones anteriores a 1.15.12 y versiones 1.16.x anteriores a 1.16.4, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (p\\u00e1nico) por medio de un encabezado grande en los par\\u00e1metros ReadRequest o ReadResponse.\u0026#xa0;El Servidor, el Transporte y el Cliente pueden estar afectados en algunas configuraciones\"}]",
"id": "CVE-2021-31525",
"lastModified": "2024-11-21T06:05:51.330",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-05-27T13:15:08.207",
"references": "[{\"url\": \"https://github.com/golang/go/issues/45710\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/golang/go/issues/45710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31525\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-27T13:15:08.207\",\"lastModified\":\"2024-11-21T06:05:51.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.\"},{\"lang\":\"es\",\"value\":\"net/http en Go versiones anteriores a 1.15.12 y versiones 1.16.x anteriores a 1.16.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e1nico) por medio de un encabezado grande en los par\u00e1metros ReadRequest o ReadResponse.\u0026#xa0;El Servidor, el Transporte y el Cliente pueden estar afectados en algunas configuraciones\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.12\",\"matchCriteriaId\":\"DCA080B5-DEFB-462A-8908-2EBD5D2075D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.4\",\"matchCriteriaId\":\"644F0433-E29C-4748-BDA9-5332DF7CBE14\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/golang/go/issues/45710\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/go/issues/45710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2024:10809-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.16-1.16.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.16-1.16.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10809-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27919 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-31525 page",
"url": "https://www.suse.com/security/cve/CVE-2021-31525/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33195 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33196 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33197 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33198 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34558 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36221 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39293 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39293/"
}
],
"title": "go1.16-1.16.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10809-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-1.16.8-1.1.aarch64",
"product_id": "go1.16-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.aarch64",
"product_id": "go1.16-doc-1.16.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product": {
"name": "go1.16-race-1.16.8-1.1.aarch64",
"product_id": "go1.16-race-1.16.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-1.16.8-1.1.ppc64le",
"product_id": "go1.16-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le",
"product_id": "go1.16-doc-1.16.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product": {
"name": "go1.16-race-1.16.8-1.1.ppc64le",
"product_id": "go1.16-race-1.16.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-1.16.8-1.1.s390x",
"product_id": "go1.16-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-doc-1.16.8-1.1.s390x",
"product_id": "go1.16-doc-1.16.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.s390x",
"product": {
"name": "go1.16-race-1.16.8-1.1.s390x",
"product_id": "go1.16-race-1.16.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.16-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-1.16.8-1.1.x86_64",
"product_id": "go1.16-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-doc-1.16.8-1.1.x86_64",
"product_id": "go1.16-doc-1.16.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product": {
"name": "go1.16-race-1.16.8-1.1.x86_64",
"product_id": "go1.16-race-1.16.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-doc-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-doc-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-doc-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-doc-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64"
},
"product_reference": "go1.16-race-1.16.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le"
},
"product_reference": "go1.16-race-1.16.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x"
},
"product_reference": "go1.16-race-1.16.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.16-race-1.16.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
},
"product_reference": "go1.16-race-1.16.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27918"
}
],
"notes": [
{
"category": "general",
"text": "encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27918",
"url": "https://www.suse.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "SUSE Bug 1183333 for CVE-2021-27918",
"url": "https://bugzilla.suse.com/1183333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27919"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27919",
"url": "https://www.suse.com/security/cve/CVE-2021-27919"
},
{
"category": "external",
"summary": "SUSE Bug 1183334 for CVE-2021-27919",
"url": "https://bugzilla.suse.com/1183334"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-31525",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-31525"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-31525",
"url": "https://www.suse.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "SUSE Bug 1185790 for CVE-2021-31525",
"url": "https://bugzilla.suse.com/1185790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-33195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33195"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33195",
"url": "https://www.suse.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "SUSE Bug 1187443 for CVE-2021-33195",
"url": "https://bugzilla.suse.com/1187443"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33196"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive\u0027s header) can cause a NewReader or OpenReader panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33196",
"url": "https://www.suse.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "SUSE Bug 1186622 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1186622"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-33196",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33197"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33197",
"url": "https://www.suse.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "SUSE Bug 1187444 for CVE-2021-33197",
"url": "https://bugzilla.suse.com/1187444"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33198"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33198",
"url": "https://www.suse.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "SUSE Bug 1187445 for CVE-2021-33198",
"url": "https://bugzilla.suse.com/1187445"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34558"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34558",
"url": "https://www.suse.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "SUSE Bug 1188229 for CVE-2021-34558",
"url": "https://bugzilla.suse.com/1188229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-36221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36221"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36221",
"url": "https://www.suse.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "SUSE Bug 1189162 for CVE-2021-36221",
"url": "https://bugzilla.suse.com/1189162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-39293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39293"
}
],
"notes": [
{
"category": "general",
"text": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39293",
"url": "https://www.suse.com/security/cve/CVE-2021-39293"
},
{
"category": "external",
"summary": "SUSE Bug 1190589 for CVE-2021-39293",
"url": "https://bugzilla.suse.com/1190589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-doc-1.16.8-1.1.x86_64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.aarch64",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.ppc64le",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.s390x",
"openSUSE Tumbleweed:go1.16-race-1.16.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-39293"
}
]
}
RHBA-2021:2854
Vulnerability from csaf_redhat - Published: 2021-07-21 17:05 - Updated: 2026-06-28 08:53A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.4.6 is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2854",
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "external",
"summary": "1981537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981537"
},
{
"category": "external",
"summary": "1981794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981794"
},
{
"category": "external",
"summary": "MIG-752",
"url": "https://issues.redhat.com/browse/MIG-752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2854.json"
}
],
"title": "Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory",
"tracking": {
"current_release_date": "2026-06-28T08:53:06+00:00",
"generator": {
"date": "2026-06-28T08:53:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHBA-2021:2854",
"initial_release_date": "2021-07-21T17:05:20+00:00",
"revision_history": [
{
"date": "2021-07-21T17:05:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-21T17:05:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T08:53:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.4",
"product": {
"name": "8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.4",
"product": {
"name": "7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.4.6-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.4.6-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 as a component of 7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25011",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956919"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in PutLE16()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25011"
},
{
"category": "external",
"summary": "RHBZ#1956919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in PutLE16()"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
}
],
"cve": "CVE-2020-25648",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: TLS 1.3 CCS flood remote DoS Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25648"
},
{
"category": "external",
"summary": "RHBZ#1887319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: TLS 1.3 CCS flood remote DoS Attack"
},
{
"cve": "CVE-2020-25692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1894567"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openldap: NULL pointer dereference for unauthenticated packet in slapd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25692"
},
{
"category": "external",
"summary": "RHBZ#1894567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openldap: NULL pointer dereference for unauthenticated packet in slapd"
},
{
"cve": "CVE-2020-26541",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2020-10-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886285"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26541"
},
{
"category": "external",
"summary": "RHBZ#1886285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886285"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541"
}
],
"release_date": "2020-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c"
},
{
"cve": "CVE-2020-27216",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891132"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: local temporary directory hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27216"
},
{
"category": "external",
"summary": "RHBZ#1891132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053"
}
],
"release_date": "2020-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: local temporary directory hijacking vulnerability"
},
{
"cve": "CVE-2020-27218",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2020-11-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1902826"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: buffer not correctly recycled in Gzip Request inflation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27218"
},
{
"category": "external",
"summary": "RHBZ#1902826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
}
],
"release_date": "2020-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: buffer not correctly recycled in Gzip Request inflation"
},
{
"cve": "CVE-2020-27223",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934116"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "RHBZ#1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
}
],
"release_date": "2021-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
},
{
"cve": "CVE-2020-36328",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956829"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36328"
},
{
"category": "external",
"summary": "RHBZ#1956829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions"
},
{
"cve": "CVE-2020-36329",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36329"
},
{
"category": "external",
"summary": "RHBZ#1956843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954225"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3516"
},
{
"category": "external",
"summary": "RHBZ#1954225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3517",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954232"
}
],
"notes": [
{
"category": "description",
"text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3517"
},
{
"category": "external",
"summary": "RHBZ#1954232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3518",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954242"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3518"
},
{
"category": "external",
"summary": "RHBZ#1954242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c"
},
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954559"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3520"
},
{
"category": "external",
"summary": "RHBZ#1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
},
{
"acknowledgments": [
{
"names": [
"yuawn"
],
"organization": "NSLab NTU Taiwan"
}
],
"cve": "CVE-2021-3537",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956522"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3537"
},
{
"category": "external",
"summary": "RHBZ#1956522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537"
}
],
"release_date": "2021-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode"
},
{
"acknowledgments": [
{
"names": [
"Sebastian Pipping"
]
}
],
"cve": "CVE-2021-3541",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950515"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3541"
},
{
"category": "external",
"summary": "RHBZ#1950515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541"
}
],
"release_date": "2021-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms"
},
{
"acknowledgments": [
{
"names": [
"Demi M. Obenour"
]
}
],
"cve": "CVE-2021-20271",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934125"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm: Signature checks bypass via corrupted rpm package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20271"
},
{
"category": "external",
"summary": "RHBZ#1934125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271"
}
],
"release_date": "2021-03-11T22:53:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm: Signature checks bypass via corrupted rpm package"
},
{
"cve": "CVE-2021-21642",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn\u0027t configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21642"
},
{
"category": "external",
"summary": "RHBZ#1952146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks."
},
{
"cve": "CVE-2021-21643",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21643"
},
{
"category": "external",
"summary": "RHBZ#1952148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-21644",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952151"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21644"
},
{
"category": "external",
"summary": "RHBZ#1952151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability."
},
{
"cve": "CVE-2021-21645",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21645"
},
{
"category": "external",
"summary": "RHBZ#1952152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-27219",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1929858"
}
],
"notes": [
{
"category": "description",
"text": "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\n\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may results in integer truncation, allocating a buffer smaller than expected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27219"
},
{
"category": "external",
"summary": "RHBZ#1929858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219"
}
],
"release_date": "2021-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33034",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1961305"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33034"
},
{
"category": "external",
"summary": "RHBZ#1961305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
},
{
"category": "external",
"summary": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl",
"url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
},
{
"category": "external",
"summary": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1",
"url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan"
}
]
}
RHBA-2021:2979
Vulnerability from csaf_redhat - Published: 2021-08-11 05:14 - Updated: 2026-06-28 12:12A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.23 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.23. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2977\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2979",
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "external",
"summary": "1988937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988937"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2979.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update",
"tracking": {
"current_release_date": "2026-06-28T12:12:12+00:00",
"generator": {
"date": "2026-06-28T12:12:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHBA-2021:2979",
"initial_release_date": "2021-08-11T05:14:36+00:00",
"revision_history": [
{
"date": "2021-08-11T05:14:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-11T05:14:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:12:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product_id": "redhat-release-coreos-0:47.84-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_id": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_id": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_id": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_id": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src"
},
"product_reference": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHBA-2021_2854
Vulnerability from csaf_redhat - Published: 2021-07-21 17:05 - Updated: 2024-11-24 20:21A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
|
A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.4.6 is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2854",
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "external",
"summary": "1981537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981537"
},
{
"category": "external",
"summary": "1981794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981794"
},
{
"category": "external",
"summary": "MIG-752",
"url": "https://issues.redhat.com/browse/MIG-752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2854.json"
}
],
"title": "Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory",
"tracking": {
"current_release_date": "2024-11-24T20:21:59+00:00",
"generator": {
"date": "2024-11-24T20:21:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2021:2854",
"initial_release_date": "2021-07-21T17:05:20+00:00",
"revision_history": [
{
"date": "2021-07-21T17:05:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-21T17:05:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T20:21:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.4",
"product": {
"name": "8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el8"
}
}
},
{
"category": "product_name",
"name": "7Server-RHMTC-1.4",
"product": {
"name": "7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.4.6-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.4.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.4.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.4.6-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 as a component of 7Server-RHMTC-1.4",
"product_id": "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"relates_to_product_reference": "7Server-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 as a component of 8Base-RHMTC-1.4",
"product_id": "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25011",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956919"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in PutLE16()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25011"
},
{
"category": "external",
"summary": "RHBZ#1956919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011"
}
],
"release_date": "2018-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in PutLE16()"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
}
],
"cve": "CVE-2020-25648",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2020-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nss: TLS 1.3 CCS flood remote DoS Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25648"
},
{
"category": "external",
"summary": "RHBZ#1887319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648"
},
{
"category": "external",
"summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nss: TLS 1.3 CCS flood remote DoS Attack"
},
{
"cve": "CVE-2020-25692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1894567"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openldap: NULL pointer dereference for unauthenticated packet in slapd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25692"
},
{
"category": "external",
"summary": "RHBZ#1894567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692"
}
],
"release_date": "2020-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openldap: NULL pointer dereference for unauthenticated packet in slapd"
},
{
"cve": "CVE-2020-26541",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2020-10-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886285"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26541"
},
{
"category": "external",
"summary": "RHBZ#1886285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886285"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26541",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541"
}
],
"release_date": "2020-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c"
},
{
"cve": "CVE-2020-27216",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2020-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1891132"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: local temporary directory hijacking vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27216"
},
{
"category": "external",
"summary": "RHBZ#1891132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053"
}
],
"release_date": "2020-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: local temporary directory hijacking vulnerability"
},
{
"cve": "CVE-2020-27218",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"discovery_date": "2020-11-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1902826"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: buffer not correctly recycled in Gzip Request inflation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27218"
},
{
"category": "external",
"summary": "RHBZ#1902826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
}
],
"release_date": "2020-11-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: buffer not correctly recycled in Gzip Request inflation"
},
{
"cve": "CVE-2020-27223",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934116"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "RHBZ#1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
}
],
"release_date": "2021-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
},
{
"cve": "CVE-2020-36328",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956829"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36328"
},
{
"category": "external",
"summary": "RHBZ#1956829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions"
},
{
"cve": "CVE-2020-36329",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36329"
},
{
"category": "external",
"summary": "RHBZ#1956843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329"
}
],
"release_date": "2020-02-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954225"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3516"
},
{
"category": "external",
"summary": "RHBZ#1954225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3517",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954232"
}
],
"notes": [
{
"category": "description",
"text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3517"
},
{
"category": "external",
"summary": "RHBZ#1954232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c"
},
{
"acknowledgments": [
{
"names": [
"zodf0055980"
],
"organization": "SQLab NCTU Taiwan"
}
],
"cve": "CVE-2021-3518",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954242"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3518"
},
{
"category": "external",
"summary": "RHBZ#1954242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c"
},
{
"cve": "CVE-2021-3520",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954559"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3520"
},
{
"category": "external",
"summary": "RHBZ#1954559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520"
}
],
"release_date": "2021-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument"
},
{
"acknowledgments": [
{
"names": [
"yuawn"
],
"organization": "NSLab NTU Taiwan"
}
],
"cve": "CVE-2021-3537",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956522"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3537"
},
{
"category": "external",
"summary": "RHBZ#1956522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537"
}
],
"release_date": "2021-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode"
},
{
"acknowledgments": [
{
"names": [
"Sebastian Pipping"
]
}
],
"cve": "CVE-2021-3541",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1950515"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3541"
},
{
"category": "external",
"summary": "RHBZ#1950515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541"
}
],
"release_date": "2021-05-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms"
},
{
"acknowledgments": [
{
"names": [
"Demi M. Obenour"
]
}
],
"cve": "CVE-2021-20271",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"discovery_date": "2021-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934125"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rpm: Signature checks bypass via corrupted rpm package",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20271"
},
{
"category": "external",
"summary": "RHBZ#1934125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271"
}
],
"release_date": "2021-03-11T22:53:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rpm: Signature checks bypass via corrupted rpm package"
},
{
"cve": "CVE-2021-21642",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952146"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn\u0027t configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21642"
},
{
"category": "external",
"summary": "RHBZ#1952146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks."
},
{
"cve": "CVE-2021-21643",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952148"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21643"
},
{
"category": "external",
"summary": "RHBZ#1952148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254",
"url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-21644",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952151"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21644"
},
{
"category": "external",
"summary": "RHBZ#1952151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability."
},
{
"cve": "CVE-2021-21645",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2021-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1952152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21645"
},
{
"category": "external",
"summary": "RHBZ#1952152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21645"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645"
}
],
"release_date": "2021-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints."
},
{
"cve": "CVE-2021-27219",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1929858"
}
],
"notes": [
{
"category": "description",
"text": "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\n\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may results in integer truncation, allocating a buffer smaller than expected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27219"
},
{
"category": "external",
"summary": "RHBZ#1929858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219"
}
],
"release_date": "2021-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33034",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1961305"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33034"
},
{
"category": "external",
"summary": "RHBZ#1961305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
},
{
"category": "external",
"summary": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl",
"url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
},
{
"category": "external",
"summary": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1",
"url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-21T17:05:20+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2854"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
"product_ids": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64",
"8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan"
}
]
}
RHBA-2021_2979
Vulnerability from csaf_redhat - Published: 2021-08-11 05:14 - Updated: 2024-12-17 17:57A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — | ||
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.23 is now available with\nupdates to packages and images that fix several bugs.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.23. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2977\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:2979",
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "external",
"summary": "1988937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988937"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_2979.json"
}
],
"title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update",
"tracking": {
"current_release_date": "2024-12-17T17:57:19+00:00",
"generator": {
"date": "2024-12-17T17:57:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHBA-2021:2979",
"initial_release_date": "2021-08-11T05:14:36+00:00",
"revision_history": [
{
"date": "2021-08-11T05:14:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-08-11T05:14:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T17:57:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.src",
"product_id": "redhat-release-coreos-0:47.84-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_id": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_id": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_id": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_id": "redhat-release-coreos-0:47.84-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_id": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src"
},
"product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src"
},
"product_reference": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
},
"product_reference": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-coreos-0:47.84-1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
},
"product_reference": "redhat-release-coreos-0:47.84-1.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-08-11T05:14:36+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:2979"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src",
"8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src",
"8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x",
"8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64",
"8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x",
"8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64",
"8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src",
"8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src",
"8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHEA-2021:2679
Vulnerability from csaf_redhat - Published: 2021-07-08 18:40 - Updated: 2026-06-28 12:13A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.",
"title": "Topic"
},
{
"category": "general",
"text": "To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:2679",
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
},
{
"category": "external",
"summary": "http://docs.openshift.com/acs/welcome/",
"url": "http://docs.openshift.com/acs/welcome/"
},
{
"category": "external",
"summary": "ROX-9384",
"url": "https://issues.redhat.com/browse/ROX-9384"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_2679.json"
}
],
"title": "Red Hat Enhancement Advisory: ACS 3.62 enhancement update",
"tracking": {
"current_release_date": "2026-06-28T12:13:08+00:00",
"generator": {
"date": "2026-06-28T12:13:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHEA-2021:2679",
"initial_release_date": "2021-07-08T18:40:34+00:00",
"revision_history": [
{
"date": "2021-07-08T18:40:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-08T18:40:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:13:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 3.62 for RHEL 8",
"product": {
"name": "RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:3.62::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.62.0-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.62.0-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"known_not_affected": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-08T18:40:34+00:00",
"details": "The RHACS Operator will enable teams to:\n\n1. Speed up the time to show security value using one-click installation procedures in the OpenShift console\n2. Reduce the need for complex configuration procedures\n3. Embrace GitOps practices by using simplified configuration as yaml",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
RHEA-2021_2679
Vulnerability from csaf_redhat - Published: 2021-07-08 18:40 - Updated: 2024-11-13 23:24A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.",
"title": "Topic"
},
{
"category": "general",
"text": "To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:2679",
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
},
{
"category": "external",
"summary": "http://docs.openshift.com/acs/welcome/",
"url": "http://docs.openshift.com/acs/welcome/"
},
{
"category": "external",
"summary": "ROX-9384",
"url": "https://issues.redhat.com/browse/ROX-9384"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_2679.json"
}
],
"title": "Red Hat Enhancement Advisory: ACS 3.62 enhancement update",
"tracking": {
"current_release_date": "2024-11-13T23:24:40+00:00",
"generator": {
"date": "2024-11-13T23:24:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHEA-2021:2679",
"initial_release_date": "2021-07-08T18:40:34+00:00",
"revision_history": [
{
"date": "2021-07-08T18:40:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-08T18:40:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-13T23:24:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 3.62 for RHEL 8",
"product": {
"name": "RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:3.62::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.62.0-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.62.0-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 as a component of RHACS 3.62 for RHEL 8",
"product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64",
"relates_to_product_reference": "8Base-RHACS-3.62"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"known_not_affected": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-08T18:40:34+00:00",
"details": "The RHACS Operator will enable teams to:\n\n1. Speed up the time to show security value using one-click installation procedures in the OpenShift console\n2. Reduce the need for complex configuration procedures\n3. Embrace GitOps practices by using simplified configuration as yaml",
"product_ids": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:2679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
RHSA-2021:2543
Vulnerability from csaf_redhat - Published: 2021-06-24 15:19 - Updated: 2026-07-03 02:09A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — | ||
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Jaeger 1.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2543",
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2543.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update",
"tracking": {
"current_release_date": "2026-07-03T02:09:57+00:00",
"generator": {
"date": "2026-07-03T02:09:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2021:2543",
"initial_release_date": "2021-06-24T15:19:30+00:00",
"revision_history": [
{
"date": "2021-06-24T15:19:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-06-24T15:19:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T02:09:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Jaeger 1.20",
"product": {
"name": "Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jaeger:1.20::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Jaeger"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_id": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18"
}
}
},
{
"category": "product_version",
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x"
},
"product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x"
},
"product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
},
"product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64"
},
"product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
},
"product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"relates_to_product_reference": "8Base-JAEGER-1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 as a component of Red Hat OpenShift Jaeger 1.20",
"product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
},
"product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64",
"relates_to_product_reference": "8Base-JAEGER-1.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13949",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libthrift: potential DoS when processing untrusted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13949"
},
{
"category": "external",
"summary": "RHBZ#1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libthrift: potential DoS when processing untrusted payloads"
},
{
"cve": "CVE-2020-28362",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2020-11-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1897635"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: panic during recursive division of very large numbers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28362"
},
{
"category": "external",
"summary": "RHBZ#1897635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
}
],
"release_date": "2020-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: panic during recursive division of very large numbers"
},
{
"cve": "CVE-2020-28500",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28500"
},
{
"category": "external",
"summary": "RHBZ#1928954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions"
},
{
"cve": "CVE-2021-3114",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1918750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3114"
},
{
"category": "external",
"summary": "RHBZ#1918750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
"url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
}
],
"release_date": "2021-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
},
{
"cve": "CVE-2021-23337",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2021-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-lodash: command injection via template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"known_not_affected": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23337"
},
{
"category": "external",
"summary": "RHBZ#1928937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
}
],
"release_date": "2021-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-lodash: command injection via template"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-06-24T15:19:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html",
"product_ids": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2543"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x",
"8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
}
]
}
RHSA-2021:2704
Vulnerability from csaf_redhat - Published: 2021-07-13 16:56 - Updated: 2026-06-28 12:34An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Client kn 1.16.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2704",
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"category": "external",
"summary": "1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "1971449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971449"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2704.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.16.0",
"tracking": {
"current_release_date": "2026-06-28T12:34:38+00:00",
"generator": {
"date": "2026-06-28T12:34:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2021:2704",
"initial_release_date": "2021-07-13T16:56:14+00:00",
"revision_history": [
{
"date": "2021-07-13T16:56:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-13T16:56:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:34:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.0",
"product": {
"name": "Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product_id": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.src as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.src",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
},
"product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33196",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1965503"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "RHBZ#1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T16:56:14+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2704"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion"
}
]
}
RHSA-2021:2705
Vulnerability from csaf_redhat - Published: 2021-07-13 21:41 - Updated: 2026-06-28 12:34An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le | — |
Vendor Fix
fix
|
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le | — |
Vendor Fix
fix
|
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless 1.16.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2705",
"url": "https://access.redhat.com/errata/RHSA-2021:2705"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"category": "external",
"summary": "1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "1971445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971445"
},
{
"category": "external",
"summary": "1971448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2705.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless 1.16.0",
"tracking": {
"current_release_date": "2026-06-28T12:34:39+00:00",
"generator": {
"date": "2026-06-28T12:34:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2021:2705",
"initial_release_date": "2021-07-13T21:41:53+00:00",
"revision_history": [
{
"date": "2021-07-13T21:41:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-13T21:41:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:34:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.16",
"product": {
"name": "Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"product": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"product": {
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"product_id": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-operator-bundle\u0026tag=1.16.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"product": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"product": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"product_id": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"product": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"product": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"product": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"product": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"product": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le",
"product": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le",
"product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"product": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"product": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"product": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"product": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le"
},
"product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x"
},
"product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x"
},
"product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x"
},
"product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64"
},
"product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64"
},
"product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x"
},
"product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64"
},
"product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x"
},
"product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le"
},
"product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x"
},
"product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le"
},
"product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x"
},
"product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x"
},
"product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x"
},
"product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64"
},
"product_reference": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le"
},
"product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64"
},
"product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x"
},
"product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64"
},
"product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64"
},
"product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le"
},
"product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64 as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le as a component of Red Hat OpenShift Serverless 1.16",
"product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
},
"product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-27918",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937901"
}
],
"notes": [
{
"category": "description",
"text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-27918"
},
{
"category": "external",
"summary": "RHBZ#1937901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw",
"url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T21:41:53+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2705"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T21:41:53+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2705"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33196",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1965503"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33196"
},
{
"category": "external",
"summary": "RHBZ#1965503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T21:41:53+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2705"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64",
"8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.