Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-34558 (GCVE-0-2021-34558)
Vulnerability from cvelistv5 – Published: 2021-07-15 13:47 – Updated: 2024-08-04 00:12
VLAI
EPSS
Summary
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Severity
6.5 (Medium)
CWE
- n/a
Assigner
References
16 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://golang.org/doc/devel/release#go1.16.minor"
},
{
"name": "FEDORA-2021-25c0011e78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
},
{
"name": "FEDORA-2021-1bfb61f77c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
},
{
"name": "FEDORA-2021-3a55403080",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
},
{
"name": "FEDORA-2021-47d259d3cf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
},
{
"name": "FEDORA-2021-6ac9b98f9e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
},
{
"name": "FEDORA-2021-07e4d20196",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
},
{
"name": "FEDORA-2021-ffa749f7f7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
},
{
"name": "FEDORA-2021-54f88bebd4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
},
{
"name": "FEDORA-2021-c35235c250",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T15:10:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://golang.org/doc/devel/release#go1.16.minor"
},
{
"name": "FEDORA-2021-25c0011e78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
},
{
"name": "FEDORA-2021-1bfb61f77c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
},
{
"name": "FEDORA-2021-3a55403080",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
},
{
"name": "FEDORA-2021-47d259d3cf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
},
{
"name": "FEDORA-2021-6ac9b98f9e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
},
{
"name": "FEDORA-2021-07e4d20196",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
},
{
"name": "FEDORA-2021-ffa749f7f7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
},
{
"name": "FEDORA-2021-54f88bebd4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
},
{
"name": "FEDORA-2021-c35235c250",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://golang.org/doc/devel/release#go1.16.minor",
"refsource": "MISC",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
},
{
"name": "FEDORA-2021-25c0011e78",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
},
{
"name": "FEDORA-2021-1bfb61f77c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
},
{
"name": "FEDORA-2021-3a55403080",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
},
{
"name": "FEDORA-2021-47d259d3cf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
},
{
"name": "FEDORA-2021-6ac9b98f9e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
},
{
"name": "FEDORA-2021-07e4d20196",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
},
{
"name": "FEDORA-2021-ffa749f7f7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
},
{
"name": "FEDORA-2021-54f88bebd4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
},
{
"name": "FEDORA-2021-c35235c250",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210813-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "GLSA-202208-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34558",
"datePublished": "2021-07-15T13:47:36.000Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:12:50.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-34558",
"date": "2026-06-29",
"epss": "0.07032",
"percentile": "0.93379"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15.14\", \"matchCriteriaId\": \"D4C75B08-37AB-4BF9-8DAA-0E4479E5EB43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.16.0\", \"versionEndExcluding\": \"1.16.6\", \"matchCriteriaId\": \"EEAF2DA1-11A7-4A2B-A05A-26FD7E80805C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7E26C3B-E416-49D6-B296-33CD93694D39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D9A34F5-AC03-4098-A37D-AD50727DDB11\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"21.1.1.1.0\", \"matchCriteriaId\": \"20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.\"}, {\"lang\": \"es\", \"value\": \"El paquete crypto/tls de Go versiones hasta 1.16.5, no afirma apropiadamente que el tipo de clave p\\u00fablica en un certificado X.509 coincida con el tipo esperado cuando se hace un intercambio de claves basado en RSA, permitiendo a un servidor TLS malicioso causar el p\\u00e1nico en un cliente TLS\"}]",
"id": "CVE-2021-34558",
"lastModified": "2024-11-21T06:10:40.993",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-07-15T14:15:19.660",
"references": "[{\"url\": \"https://golang.org/doc/devel/release#go1.16.minor\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210813-0005/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://golang.org/doc/devel/release#go1.16.minor\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202208-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210813-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-34558\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-07-15T14:15:19.660\",\"lastModified\":\"2024-11-21T06:10:40.993\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.\"},{\"lang\":\"es\",\"value\":\"El paquete crypto/tls de Go versiones hasta 1.16.5, no afirma apropiadamente que el tipo de clave p\u00fablica en un certificado X.509 coincida con el tipo esperado cuando se hace un intercambio de claves basado en RSA, permitiendo a un servidor TLS malicioso causar el p\u00e1nico en un cliente TLS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.14\",\"matchCriteriaId\":\"D4C75B08-37AB-4BF9-8DAA-0E4479E5EB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.6\",\"matchCriteriaId\":\"EEAF2DA1-11A7-4A2B-A05A-26FD7E80805C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E26C3B-E416-49D6-B296-33CD93694D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D9A34F5-AC03-4098-A37D-AD50727DDB11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.1.1.0\",\"matchCriteriaId\":\"20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1\"}]}]}],\"references\":[{\"url\":\"https://golang.org/doc/devel/release#go1.16.minor\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210813-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://golang.org/doc/devel/release#go1.16.minor\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210813-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:7954
Vulnerability from csaf_redhat - Published: 2022-11-15 13:20 - Updated: 2026-06-28 12:37Summary
Red Hat Security Advisory: podman security and bug fix update
Severity
Moderate
Notes
Topic: An update for podman is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)
* podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)
* containers/storage: DoS via malicious image (CVE-2021-20291)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
4.8 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts) which impact containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The highest threat from this vulnerability is to data integrity.
5.9 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A deadlock vulnerability was found in `github.com/containers/storage`. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
5.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
55 references
Acknowledgments
Palo Alto Networks
Aviv Sasson
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* podman: podman machine spawns gvproxy with port bound to all IPs (CVE-2021-4024)\n\n* podman: Remote traffic to rootless containers is seen as orginating from localhost (CVE-2021-20199)\n\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7954",
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "1919050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
},
{
"category": "external",
"summary": "1939485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485"
},
{
"category": "external",
"summary": "1972303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972303"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "2026675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675"
},
{
"category": "external",
"summary": "2040379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040379"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2081349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081349"
},
{
"category": "external",
"summary": "2088116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088116"
},
{
"category": "external",
"summary": "2092798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092798"
},
{
"category": "external",
"summary": "2097694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097694"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7954.json"
}
],
"title": "Red Hat Security Advisory: podman security and bug fix update",
"tracking": {
"current_release_date": "2026-06-28T12:37:37+00:00",
"generator": {
"date": "2026-06-28T12:37:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2022:7954",
"initial_release_date": "2022-11-15T13:20:30+00:00",
"revision_history": [
{
"date": "2022-11-15T13:20:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T13:20:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:37:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.2.0-3.el9.src",
"product": {
"name": "podman-2:4.2.0-3.el9.src",
"product_id": "podman-2:4.2.0-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.2.0-3.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-2:4.2.0-3.el9.aarch64",
"product_id": "podman-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-2:4.2.0-3.el9.aarch64",
"product_id": "podman-gvproxy-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-plugins-2:4.2.0-3.el9.aarch64",
"product_id": "podman-plugins-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-remote-2:4.2.0-3.el9.aarch64",
"product_id": "podman-remote-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-tests-2:4.2.0-3.el9.aarch64",
"product_id": "podman-tests-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-debugsource-2:4.2.0-3.el9.aarch64",
"product_id": "podman-debugsource-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"product_id": "podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-debuginfo-2:4.2.0-3.el9.aarch64",
"product_id": "podman-debuginfo-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"product_id": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"product_id": "podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"product": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"product_id": "podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-3.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-plugins-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-plugins-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-remote-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-remote-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-tests-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-tests-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-debugsource-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-debugsource-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"product": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_id": "podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-3.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-2:4.2.0-3.el9.x86_64",
"product_id": "podman-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-2:4.2.0-3.el9.x86_64",
"product_id": "podman-gvproxy-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-plugins-2:4.2.0-3.el9.x86_64",
"product_id": "podman-plugins-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-remote-2:4.2.0-3.el9.x86_64",
"product_id": "podman-remote-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-tests-2:4.2.0-3.el9.x86_64",
"product_id": "podman-tests-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-debugsource-2:4.2.0-3.el9.x86_64",
"product_id": "podman-debugsource-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"product_id": "podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-debuginfo-2:4.2.0-3.el9.x86_64",
"product_id": "podman-debuginfo-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"product_id": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"product_id": "podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"product": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"product_id": "podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-3.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-2:4.2.0-3.el9.s390x",
"product_id": "podman-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-gvproxy-2:4.2.0-3.el9.s390x",
"product_id": "podman-gvproxy-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-plugins-2:4.2.0-3.el9.s390x",
"product_id": "podman-plugins-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-remote-2:4.2.0-3.el9.s390x",
"product_id": "podman-remote-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-tests-2:4.2.0-3.el9.s390x",
"product_id": "podman-tests-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-debugsource-2:4.2.0-3.el9.s390x",
"product_id": "podman-debugsource-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"product_id": "podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-catatonit-debuginfo@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-debuginfo-2:4.2.0-3.el9.s390x",
"product_id": "podman-debuginfo-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"product_id": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"product_id": "podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"product": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"product_id": "podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.2.0-3.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-2:4.2.0-3.el9.noarch",
"product": {
"name": "podman-docker-2:4.2.0-3.el9.noarch",
"product_id": "podman-docker-2:4.2.0-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@4.2.0-3.el9?arch=noarch\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.2.0-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src"
},
"product_reference": "podman-2:4.2.0-3.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-debuginfo-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-debuginfo-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-debuginfo-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-debugsource-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-debugsource-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-debugsource-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-debugsource-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-2:4.2.0-3.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch"
},
"product_reference": "podman-docker-2:4.2.0-3.el9.noarch",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-gvproxy-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-plugins-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-plugins-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-plugins-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-plugins-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-remote-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-remote-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-remote-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-remote-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64"
},
"product_reference": "podman-tests-2:4.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le"
},
"product_reference": "podman-tests-2:4.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x"
},
"product_reference": "podman-tests-2:4.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
},
"product_reference": "podman-tests-2:4.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"category": "external",
"summary": "RHBZ#1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension"
},
{
"cve": "CVE-2020-28852",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"category": "external",
"summary": "RHBZ#1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
},
{
"cve": "CVE-2021-4024",
"cwe": {
"id": "CWE-1327",
"name": "Binding to an Unrestricted IP Address"
},
"discovery_date": "2021-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2026675"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host\u0027s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host\u0027s services by forwarding all ports to the VM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "podman: podman machine spawns gvproxy with port bound to all IPs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4024"
},
{
"category": "external",
"summary": "RHBZ#2026675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4024"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4024",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4024"
}
],
"release_date": "2021-11-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "podman: podman machine spawns gvproxy with port bound to all IPs"
},
{
"cve": "CVE-2021-20199",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2021-01-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1919050"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts) which impact containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. The highest threat from this vulnerability is to data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "podman: Remote traffic to rootless containers is seen as orginating from localhost",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect Podman prior to version 1.8.0. Podman shipped in the following products are therefore not affected:\n\n* Red Hat Enterprise Linux 7 Extras\n* Red Hat Enterprise Linux 8 Container Tools stream 1.0\n* Red Hat Enterprise Linux 8 Container Tools stream 2.0\n* OpenShift Container Platform 3.11\n* OpenShift Container Platform 4.1 to 4.5",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20199"
},
{
"category": "external",
"summary": "RHBZ#1919050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20199",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20199"
}
],
"release_date": "2021-01-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"category": "workaround",
"details": "Configure containerized applications to require authentication for connections from all sources, including localhost.",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "podman: Remote traffic to rootless containers is seen as orginating from localhost"
},
{
"acknowledgments": [
{
"names": [
"Aviv Sasson"
],
"organization": "Palo Alto Networks"
}
],
"cve": "CVE-2021-20291",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"discovery_date": "2021-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1939485"
}
],
"notes": [
{
"category": "description",
"text": "A deadlock vulnerability was found in `github.com/containers/storage`. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containers/storage: DoS via malicious image",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was first exposed in v1.23.8 of containers/storage (and subsequently fixed in v1.28.1) with this git commit [1].\n\n* In OpenShift Container Platform (OCP) only 4.7 contains a version of CRI-O (and openshift/ose-docker-builder) which uses a vulnerable version of containers/storage. Subsequently this has been addressed in OCP 4.7.7.\n\n* Red Hat Quay quay-builder-container is not affected because it uses a version of github.com/containers/storage earlier than v1.23.8\n\n* Red Hat Openshift Virtualization is not affected because all containers depending on github.com/containers/storage use a version earlier than v1.23.8\n\n* For Red Hat OpenStack Platform, because containers/storage is not directly used by the director-operator, no update will be provided at this time for the operator containers.\n\n[1] - https://github.com/containers/storage/blob/e9989a949a0d2c32fa82d3ff1076e33cfec58cb9/layers.go#L1332",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20291"
},
{
"category": "external",
"summary": "RHBZ#1939485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20291",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20291"
},
{
"category": "external",
"summary": "https://unit42.paloaltonetworks.com/cve-2021-20291/",
"url": "https://unit42.paloaltonetworks.com/cve-2021-20291/"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containers/storage: DoS via malicious image"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T13:20:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.src",
"AppStream-9.1.0.GA:podman-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-catatonit-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-debugsource-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-docker-2:4.2.0-3.el9.noarch",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-gvproxy-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-plugins-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-remote-debuginfo-2:4.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:podman-tests-2:4.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
}
]
}
RHSA-2022_0191
Vulnerability from csaf_redhat - Published: 2022-01-19 17:48 - Updated: 2024-12-17 17:58Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.2 Images security and bug fix update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Virtualization release 4.9.2 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.9.2 images:
RHEL-8-CNV-4.9
==============
kubevirt-vmware-container-v4.9.2-1
virtio-win-container-v4.9.2-1
kubemacpool-container-v4.9.2-1
ovs-cni-plugin-container-v4.9.2-1
ovs-cni-marker-container-v4.9.2-1
node-maintenance-operator-container-v4.9.2-1
cnv-containernetworking-plugins-container-v4.9.2-1
hostpath-provisioner-container-v4.9.2-1
bridge-marker-container-v4.9.2-1
kubevirt-template-validator-container-v4.9.2-1
cluster-network-addons-operator-container-v4.9.2-1
kubernetes-nmstate-handler-container-v4.9.2-1
hostpath-provisioner-operator-container-v4.9.2-2
cnv-must-gather-container-v4.9.2-2
virt-cdi-controller-container-v4.9.2-8
virt-cdi-apiserver-container-v4.9.2-8
virt-cdi-uploadserver-container-v4.9.2-8
virt-cdi-operator-container-v4.9.2-8
virt-cdi-uploadproxy-container-v4.9.2-8
virt-cdi-cloner-container-v4.9.2-8
virt-cdi-importer-container-v4.9.2-8
hyperconverged-cluster-webhook-container-v4.9.2-6
hyperconverged-cluster-operator-container-v4.9.2-6
kubevirt-ssp-operator-container-v4.9.2-3
kubevirt-v2v-conversion-container-v4.9.2-2
vm-import-controller-container-v4.9.2-2
vm-import-operator-container-v4.9.2-2
vm-import-virtv2v-container-v4.9.2-2
virt-launcher-container-v4.9.2-7
virt-controller-container-v4.9.2-7
virt-api-container-v4.9.2-7
virt-operator-container-v4.9.2-7
virt-artifacts-server-container-v4.9.2-7
libguestfs-tools-container-v4.9.2-7
virt-handler-container-v4.9.2-7
hco-bundle-registry-container-v4.9.2-27
Security Fix(es):
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 | — |
Workaround
|
Threats
Impact
Low
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.9.2 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.2 images:\n\nRHEL-8-CNV-4.9\n==============\nkubevirt-vmware-container-v4.9.2-1\nvirtio-win-container-v4.9.2-1\nkubemacpool-container-v4.9.2-1\novs-cni-plugin-container-v4.9.2-1\novs-cni-marker-container-v4.9.2-1\nnode-maintenance-operator-container-v4.9.2-1\ncnv-containernetworking-plugins-container-v4.9.2-1\nhostpath-provisioner-container-v4.9.2-1\nbridge-marker-container-v4.9.2-1\nkubevirt-template-validator-container-v4.9.2-1\ncluster-network-addons-operator-container-v4.9.2-1\nkubernetes-nmstate-handler-container-v4.9.2-1\nhostpath-provisioner-operator-container-v4.9.2-2\ncnv-must-gather-container-v4.9.2-2\nvirt-cdi-controller-container-v4.9.2-8\nvirt-cdi-apiserver-container-v4.9.2-8\nvirt-cdi-uploadserver-container-v4.9.2-8\nvirt-cdi-operator-container-v4.9.2-8\nvirt-cdi-uploadproxy-container-v4.9.2-8\nvirt-cdi-cloner-container-v4.9.2-8\nvirt-cdi-importer-container-v4.9.2-8\nhyperconverged-cluster-webhook-container-v4.9.2-6\nhyperconverged-cluster-operator-container-v4.9.2-6\nkubevirt-ssp-operator-container-v4.9.2-3\nkubevirt-v2v-conversion-container-v4.9.2-2\nvm-import-controller-container-v4.9.2-2\nvm-import-operator-container-v4.9.2-2\nvm-import-virtv2v-container-v4.9.2-2\nvirt-launcher-container-v4.9.2-7\nvirt-controller-container-v4.9.2-7\nvirt-api-container-v4.9.2-7\nvirt-operator-container-v4.9.2-7\nvirt-artifacts-server-container-v4.9.2-7\nlibguestfs-tools-container-v4.9.2-7\nvirt-handler-container-v4.9.2-7\nhco-bundle-registry-container-v4.9.2-27\n\nSecurity Fix(es):\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0191",
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1954505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954505"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "1992961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992961"
},
{
"category": "external",
"summary": "1995824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995824"
},
{
"category": "external",
"summary": "2015279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015279"
},
{
"category": "external",
"summary": "2018468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018468"
},
{
"category": "external",
"summary": "2022895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022895"
},
{
"category": "external",
"summary": "2026198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026198"
},
{
"category": "external",
"summary": "2028154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028154"
},
{
"category": "external",
"summary": "2030198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030198"
},
{
"category": "external",
"summary": "2032853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032853"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0191.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.2 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T17:58:34+00:00",
"generator": {
"date": "2024-12-17T17:58:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0191",
"initial_release_date": "2022-01-19T17:48:00+00:00",
"revision_history": [
{
"date": "2022-01-19T17:48:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-19T17:48:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T17:58:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 8",
"product": {
"name": "CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.2-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.2-27"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.2-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.2-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.2-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.2-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.2-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"product_id": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.2-8"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.2-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.2-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"product": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.2-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"product": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.2-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64",
"product": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64",
"product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.2-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64"
},
"product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64"
},
"product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
},
"product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-19T17:48:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-19T17:48:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-19T17:48:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-19T17:48:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-19T17:48:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0191"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHSA-2022_0237
Vulnerability from csaf_redhat - Published: 2022-01-24 13:53 - Updated: 2024-12-17 21:53Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform 16.2
(Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: A highly-available key value store for shared configuration
Security Fix(es):
* net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* crypto/tls: certificate of wrong type is causing TLS client to panic
(CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform 16.2\n(Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0237",
"url": "https://access.redhat.com/errata/RHSA-2022:0237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0237.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update",
"tracking": {
"current_release_date": "2024-12-17T21:53:24+00:00",
"generator": {
"date": "2024-12-17T21:53:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0237",
"initial_release_date": "2022-01-24T13:53:27+00:00",
"revision_history": [
{
"date": "2022-01-24T13:53:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-24T13:53:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:53:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.src",
"product_id": "etcd-0:3.3.23-7.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-7.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-7.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-7.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-7.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-24T13:53:27+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-24T13:53:27+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-24T13:53:27+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0237"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
}
]
}
RHSA-2022_0260
Vulnerability from csaf_redhat - Published: 2022-01-25 13:55 - Updated: 2024-12-17 21:53Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform 16.1
(Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: A highly-available key value store for shared configuration
Security Fix(es):
* net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* crypto/tls: certificate of wrong type is causing TLS client to panic
(CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform 16.1\n(Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0260",
"url": "https://access.redhat.com/errata/RHSA-2022:0260"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0260.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update",
"tracking": {
"current_release_date": "2024-12-17T21:53:41+00:00",
"generator": {
"date": "2024-12-17T21:53:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0260",
"initial_release_date": "2022-01-25T13:55:40+00:00",
"revision_history": [
{
"date": "2022-01-25T13:55:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T13:55:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:53:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.src",
"product_id": "etcd-0:3.3.23-7.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-7.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-7.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-7.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-7.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-7.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-7.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T13:55:40+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0260"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T13:55:40+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0260"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T13:55:40+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0260"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-7.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-7.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
}
]
}
RHSA-2022_0577
Vulnerability from csaf_redhat - Published: 2022-03-28 09:34 - Updated: 2024-12-17 21:55Summary
Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
Severity
Moderate
Notes
Topic: The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in golang.org. In x/text, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.
8.6 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
70 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0577",
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "1990573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990573"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1992841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992841"
},
{
"category": "external",
"summary": "1994859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994859"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "2000772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000772"
},
{
"category": "external",
"summary": "2001547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001547"
},
{
"category": "external",
"summary": "2002961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002961"
},
{
"category": "external",
"summary": "2005360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005360"
},
{
"category": "external",
"summary": "2008601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008601"
},
{
"category": "external",
"summary": "2015772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015772"
},
{
"category": "external",
"summary": "2032048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032048"
},
{
"category": "external",
"summary": "WINC-747",
"url": "https://issues.redhat.com/browse/WINC-747"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0577.json"
}
],
"title": "Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]",
"tracking": {
"current_release_date": "2024-12-17T21:55:01+00:00",
"generator": {
"date": "2024-12-17T21:55:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0577",
"initial_release_date": "2022-03-28T09:34:15+00:00",
"revision_history": [
{
"date": "2022-03-28T09:34:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-28T09:34:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:55:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"product": {
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"product_id": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"product_identification_helper": {
"purl": "pkg:oci/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle\u0026tag=v5.0.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64",
"product": {
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64",
"product_id": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-rhel8-operator\u0026tag=5.0.0-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64"
},
"product_reference": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
},
"product_reference": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"category": "external",
"summary": "RHBZ#1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension"
},
{
"cve": "CVE-2020-28852",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"category": "external",
"summary": "RHBZ#1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
},
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1921650"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "RHBZ#1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
}
],
"release_date": "2021-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-31525",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1958341"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31525"
},
{
"category": "external",
"summary": "RHBZ#1958341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
"url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T09:34:15+00:00",
"details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0577"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64",
"8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
}
]
}
RHSA-2022_0947
Vulnerability from csaf_redhat - Published: 2022-03-16 15:45 - Updated: 2024-12-17 21:54Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.0 Images security and bug fix update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.0 images:
RHEL-8-CNV-4.10
==============
kubevirt-velero-plugin-container-v4.10.0-8
virtio-win-container-v4.10.0-10
kubevirt-template-validator-container-v4.10.0-16
hostpath-csi-driver-container-v4.10.0-32
hostpath-provisioner-container-v4.10.0-32
hostpath-provisioner-operator-container-v4.10.0-62
cnv-must-gather-container-v4.10.0-110
virt-cdi-controller-container-v4.10.0-90
virt-cdi-apiserver-container-v4.10.0-90
virt-cdi-uploadserver-container-v4.10.0-90
virt-cdi-uploadproxy-container-v4.10.0-90
virt-cdi-operator-container-v4.10.0-90
virt-cdi-cloner-container-v4.10.0-90
virt-cdi-importer-container-v4.10.0-90
kubevirt-ssp-operator-container-v4.10.0-50
virt-api-container-v4.10.0-217
hyperconverged-cluster-webhook-container-v4.10.0-133
libguestfs-tools-container-v4.10.0-217
virt-handler-container-v4.10.0-217
virt-launcher-container-v4.10.0-217
virt-artifacts-server-container-v4.10.0-217
virt-controller-container-v4.10.0-217
node-maintenance-operator-container-v4.10.0-48
hyperconverged-cluster-operator-container-v4.10.0-133
virt-operator-container-v4.10.0-217
cnv-containernetworking-plugins-container-v4.10.0-49
kubemacpool-container-v4.10.0-49
bridge-marker-container-v4.10.0-49
ovs-cni-marker-container-v4.10.0-49
ovs-cni-plugin-container-v4.10.0-49
kubernetes-nmstate-handler-container-v4.10.0-49
cluster-network-addons-operator-container-v4.10.0-49
hco-bundle-registry-container-v4.10.0-696
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
|
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
|
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
|
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Workaround
|
Threats
Impact
Low
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
157 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.0 images:\n\nRHEL-8-CNV-4.10\n\n==============\n\nkubevirt-velero-plugin-container-v4.10.0-8\nvirtio-win-container-v4.10.0-10\nkubevirt-template-validator-container-v4.10.0-16\nhostpath-csi-driver-container-v4.10.0-32\nhostpath-provisioner-container-v4.10.0-32\nhostpath-provisioner-operator-container-v4.10.0-62\ncnv-must-gather-container-v4.10.0-110\nvirt-cdi-controller-container-v4.10.0-90\nvirt-cdi-apiserver-container-v4.10.0-90\nvirt-cdi-uploadserver-container-v4.10.0-90\nvirt-cdi-uploadproxy-container-v4.10.0-90\nvirt-cdi-operator-container-v4.10.0-90\nvirt-cdi-cloner-container-v4.10.0-90\nvirt-cdi-importer-container-v4.10.0-90\nkubevirt-ssp-operator-container-v4.10.0-50\nvirt-api-container-v4.10.0-217\nhyperconverged-cluster-webhook-container-v4.10.0-133\nlibguestfs-tools-container-v4.10.0-217\nvirt-handler-container-v4.10.0-217\nvirt-launcher-container-v4.10.0-217\nvirt-artifacts-server-container-v4.10.0-217\nvirt-controller-container-v4.10.0-217\nnode-maintenance-operator-container-v4.10.0-48\nhyperconverged-cluster-operator-container-v4.10.0-133\nvirt-operator-container-v4.10.0-217\ncnv-containernetworking-plugins-container-v4.10.0-49\nkubemacpool-container-v4.10.0-49\nbridge-marker-container-v4.10.0-49\novs-cni-marker-container-v4.10.0-49\novs-cni-plugin-container-v4.10.0-49\nkubernetes-nmstate-handler-container-v4.10.0-49\ncluster-network-addons-operator-container-v4.10.0-49\nhco-bundle-registry-container-v4.10.0-696\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0947",
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1760028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760028"
},
{
"category": "external",
"summary": "1855182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855182"
},
{
"category": "external",
"summary": "1906151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906151"
},
{
"category": "external",
"summary": "1918294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918294"
},
{
"category": "external",
"summary": "1935217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935217"
},
{
"category": "external",
"summary": "1945586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945586"
},
{
"category": "external",
"summary": "1958085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958085"
},
{
"category": "external",
"summary": "1959039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959039"
},
{
"category": "external",
"summary": "1975978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975978"
},
{
"category": "external",
"summary": "1983079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983079"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1986970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986970"
},
{
"category": "external",
"summary": "1987009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987009"
},
{
"category": "external",
"summary": "1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "1990061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990061"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1992231",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992231"
},
{
"category": "external",
"summary": "1993454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993454"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "1997540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997540"
},
{
"category": "external",
"summary": "1998300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998300"
},
{
"category": "external",
"summary": "1999110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999110"
},
{
"category": "external",
"summary": "1999636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999636"
},
{
"category": "external",
"summary": "2000480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000480"
},
{
"category": "external",
"summary": "2001984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001984"
},
{
"category": "external",
"summary": "2001987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001987"
},
{
"category": "external",
"summary": "2002272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002272"
},
{
"category": "external",
"summary": "2003704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003704"
},
{
"category": "external",
"summary": "2007397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007397"
},
{
"category": "external",
"summary": "2008140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008140"
},
{
"category": "external",
"summary": "2008411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008411"
},
{
"category": "external",
"summary": "2008938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008938"
},
{
"category": "external",
"summary": "2008949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008949"
},
{
"category": "external",
"summary": "2008975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008975"
},
{
"category": "external",
"summary": "2010540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010540"
},
{
"category": "external",
"summary": "2010908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010908"
},
{
"category": "external",
"summary": "2012920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012920"
},
{
"category": "external",
"summary": "2013160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013160"
},
{
"category": "external",
"summary": "2013455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013455"
},
{
"category": "external",
"summary": "2015327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015327"
},
{
"category": "external",
"summary": "2017255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017255"
},
{
"category": "external",
"summary": "2018457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018457"
},
{
"category": "external",
"summary": "2018925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018925"
},
{
"category": "external",
"summary": "2018970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018970"
},
{
"category": "external",
"summary": "2019053",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019053"
},
{
"category": "external",
"summary": "2021992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021992"
},
{
"category": "external",
"summary": "2025295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025295"
},
{
"category": "external",
"summary": "2025750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025750"
},
{
"category": "external",
"summary": "2025878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025878"
},
{
"category": "external",
"summary": "2026336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026336"
},
{
"category": "external",
"summary": "2026363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026363"
},
{
"category": "external",
"summary": "2026665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026665"
},
{
"category": "external",
"summary": "2026667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026667"
},
{
"category": "external",
"summary": "2027420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027420"
},
{
"category": "external",
"summary": "2027922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027922"
},
{
"category": "external",
"summary": "2029343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029343"
},
{
"category": "external",
"summary": "2029767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029767"
},
{
"category": "external",
"summary": "2030660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030660"
},
{
"category": "external",
"summary": "2030686",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030686"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2031033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031033"
},
{
"category": "external",
"summary": "2031688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031688"
},
{
"category": "external",
"summary": "2031727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031727"
},
{
"category": "external",
"summary": "2031919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031919"
},
{
"category": "external",
"summary": "2032045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032045"
},
{
"category": "external",
"summary": "2032845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032845"
},
{
"category": "external",
"summary": "2032873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032873"
},
{
"category": "external",
"summary": "2032876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032876"
},
{
"category": "external",
"summary": "2033240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033240"
},
{
"category": "external",
"summary": "2033252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033252"
},
{
"category": "external",
"summary": "2034544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034544"
},
{
"category": "external",
"summary": "2035008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035008"
},
{
"category": "external",
"summary": "2035324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035324"
},
{
"category": "external",
"summary": "2035658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035658"
},
{
"category": "external",
"summary": "2035677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035677"
},
{
"category": "external",
"summary": "2036220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036220"
},
{
"category": "external",
"summary": "2036483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036483"
},
{
"category": "external",
"summary": "2036605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036605"
},
{
"category": "external",
"summary": "2037270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037270"
},
{
"category": "external",
"summary": "2037290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037290"
},
{
"category": "external",
"summary": "2037312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037312"
},
{
"category": "external",
"summary": "2037421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037421"
},
{
"category": "external",
"summary": "2038679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038679"
},
{
"category": "external",
"summary": "2038825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038825"
},
{
"category": "external",
"summary": "2038831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038831"
},
{
"category": "external",
"summary": "2038985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038985"
},
{
"category": "external",
"summary": "2039196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039196"
},
{
"category": "external",
"summary": "2039208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039208"
},
{
"category": "external",
"summary": "2039489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039489"
},
{
"category": "external",
"summary": "2039683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039683"
},
{
"category": "external",
"summary": "2039686",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039686"
},
{
"category": "external",
"summary": "2039691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039691"
},
{
"category": "external",
"summary": "2040113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040113"
},
{
"category": "external",
"summary": "2040115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040115"
},
{
"category": "external",
"summary": "2041519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041519"
},
{
"category": "external",
"summary": "2041530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041530"
},
{
"category": "external",
"summary": "2042139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042139"
},
{
"category": "external",
"summary": "2042799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042799"
},
{
"category": "external",
"summary": "2042842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042842"
},
{
"category": "external",
"summary": "2042856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042856"
},
{
"category": "external",
"summary": "2042880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042880"
},
{
"category": "external",
"summary": "2042908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042908"
},
{
"category": "external",
"summary": "2044348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044348"
},
{
"category": "external",
"summary": "2044398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044398"
},
{
"category": "external",
"summary": "2046271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046271"
},
{
"category": "external",
"summary": "2048227",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048227"
},
{
"category": "external",
"summary": "2048275",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048275"
},
{
"category": "external",
"summary": "2051105",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051105"
},
{
"category": "external",
"summary": "2051693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051693"
},
{
"category": "external",
"summary": "2051968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051968"
},
{
"category": "external",
"summary": "2052489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052489"
},
{
"category": "external",
"summary": "2053027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053027"
},
{
"category": "external",
"summary": "2058167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058167"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0947.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.10.0 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T21:54:52+00:00",
"generator": {
"date": "2024-12-17T21:54:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0947",
"initial_release_date": "2022-03-16T15:45:58+00:00",
"revision_history": [
{
"date": "2022-03-16T15:45:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-16T15:45:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:54:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.10 for RHEL 8",
"product": {
"name": "CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.10.0-110"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.10.0-696"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.10.0-62"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.10.0-133"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.10.0-133"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.10.0-50"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.10.0-48"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.10.0-49"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.10.0-90"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.10.0-10"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.10.0-217"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.10.0-217"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T15:45:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0947"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
RHSA-2022_0988
Vulnerability from csaf_redhat - Published: 2022-03-24 10:59 - Updated: 2024-12-17 21:55Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update
Severity
Moderate
Notes
Topic: An update for golang-github-vbatts-tar-split is now available for Red Hat
OpenStack Platform 16.1 (Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Security Fix(es):
* net: incorrect parsing of extraneous zero characters at the beginning of
an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang-github-vbatts-tar-split is now available for Red Hat\nOpenStack Platform 16.1 (Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* net: incorrect parsing of extraneous zero characters at the beginning of\nan IP address octet (CVE-2021-29923)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0988",
"url": "https://access.redhat.com/errata/RHSA-2022:0988"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "2020629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020629"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0988.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update",
"tracking": {
"current_release_date": "2024-12-17T21:55:23+00:00",
"generator": {
"date": "2024-12-17T21:55:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0988",
"initial_release_date": "2022-03-24T10:59:08+00:00",
"revision_history": [
{
"date": "2022-03-24T10:59:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-24T10:59:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:55:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-24T10:59:08+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0988"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-24T10:59:08+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0988"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.1:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHSA-2022_0998
Vulnerability from csaf_redhat - Published: 2022-03-23 22:12 - Updated: 2024-12-17 21:55Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) security update
Severity
Moderate
Notes
Topic: An update for golang-github-vbatts-tar-split is now available for Red Hat
OpenStack Platform 16.2 (Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Security Fix(es):
* net: incorrect parsing of extraneous zero characters at the beginning of
an IP address octet (CVE-2021-29923)
* crypto/tls: certificate of wrong type is causing TLS client to panic
(CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang-github-vbatts-tar-split is now available for Red Hat\nOpenStack Platform 16.2 (Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* net: incorrect parsing of extraneous zero characters at the beginning of\nan IP address octet (CVE-2021-29923)\n\n* crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0998",
"url": "https://access.redhat.com/errata/RHSA-2022:0998"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0998.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) security update",
"tracking": {
"current_release_date": "2024-12-17T21:55:08+00:00",
"generator": {
"date": "2024-12-17T21:55:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:0998",
"initial_release_date": "2022-03-23T22:12:28+00:00",
"revision_history": [
{
"date": "2022-03-23T22:12:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-23T22:12:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:55:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product_id": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-vbatts-tar-split@0.11.1-6.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
},
"product_reference": "golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-23T22:12:28+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-23T22:12:28+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0998"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.ppc64le",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.src",
"8Base-RHOS-16.2:golang-github-vbatts-tar-split-0:0.11.1-6.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHSA-2022_1329
Vulnerability from csaf_redhat - Published: 2022-04-12 15:09 - Updated: 2024-12-17 17:57Summary
Red Hat Security Advisory: OpenShift Virtualization 4.8.5 RPMs security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Virtualization release 4.8.5 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.8.5 RPMs.
Security Fix(es):
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.8.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. \n\nThis advisory contains OpenShift Virtualization 4.8.5 RPMs.\n\nSecurity Fix(es):\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1329",
"url": "https://access.redhat.com/errata/RHSA-2022:1329"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "2044050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044050"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1329.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.8.5 RPMs security update",
"tracking": {
"current_release_date": "2024-12-17T17:57:47+00:00",
"generator": {
"date": "2024-12-17T17:57:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:1329",
"initial_release_date": "2022-04-12T15:09:58+00:00",
"revision_history": [
{
"date": "2022-04-12T15:09:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-12T15:09:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T17:57:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.8 for RHEL 8",
"product": {
"name": "CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8"
}
}
},
{
"category": "product_name",
"name": "CNV 4.8 for RHEL 7",
"product": {
"name": "CNV 4.8 for RHEL 7",
"product_id": "7Server-CNV-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el7"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-0:4.8.5-278.el8.src",
"product": {
"name": "kubevirt-0:4.8.5-278.el8.src",
"product_id": "kubevirt-0:4.8.5-278.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.8.5-278.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.8.5-278.el7.src",
"product": {
"name": "kubevirt-0:4.8.5-278.el7.src",
"product_id": "kubevirt-0:4.8.5-278.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.8.5-278.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"product_id": "kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.8.5-278.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.8.5-278.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"product_id": "kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.8.5-278.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.8.5-278.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.8.5-278.el7.src as a component of CNV 4.8 for RHEL 7",
"product_id": "7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src"
},
"product_reference": "kubevirt-0:4.8.5-278.el7.src",
"relates_to_product_reference": "7Server-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.8.5-278.el7.x86_64 as a component of CNV 4.8 for RHEL 7",
"product_id": "7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64 as a component of CNV 4.8 for RHEL 7",
"product_id": "7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.8.5-278.el8.src as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src"
},
"product_reference": "kubevirt-0:4.8.5-278.el8.src",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.8.5-278.el8.x86_64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-33195",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989564"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: lookup functions may return invalid host names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33195"
},
{
"category": "external",
"summary": "RHBZ#1989564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-12T15:09:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1329"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: lookup functions may return invalid host names"
},
{
"cve": "CVE-2021-33197",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989570"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33197"
},
{
"category": "external",
"summary": "RHBZ#1989570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-12T15:09:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1329"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
},
{
"cve": "CVE-2021-33198",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1989575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33198"
},
{
"category": "external",
"summary": "RHBZ#1989575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
"url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
}
],
"release_date": "2021-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-12T15:09:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1329"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-12T15:09:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1329"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.8:kubevirt-0:4.8.5-278.el7.src",
"7Server-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el7.x86_64",
"7Server-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el7.x86_64",
"8Base-CNV-4.8:kubevirt-0:4.8.5-278.el8.src",
"8Base-CNV-4.8:kubevirt-virtctl-0:4.8.5-278.el8.x86_64",
"8Base-CNV-4.8:kubevirt-virtctl-redistributable-0:4.8.5-278.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
}
]
}
RHSA-2022_1372
Vulnerability from csaf_redhat - Published: 2022-04-13 18:48 - Updated: 2024-12-17 21:55Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
Severity
Important
Notes
Topic: Updated images that include numerous enhancements, security, and bug fixes
are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
Bug Fix(es):
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
or more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.3 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
6.5 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.
5.9 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.
7.5 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
72 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
137 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat\nEnterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nBug Fix(es):\nThese updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.\n\nor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information refer to the CVE\npage(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1372",
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1898988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898988"
},
{
"category": "external",
"summary": "1954708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954708"
},
{
"category": "external",
"summary": "1956418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956418"
},
{
"category": "external",
"summary": "1970123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970123"
},
{
"category": "external",
"summary": "1972190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1972190"
},
{
"category": "external",
"summary": "1974344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974344"
},
{
"category": "external",
"summary": "1981341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981341"
},
{
"category": "external",
"summary": "1981694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981694"
},
{
"category": "external",
"summary": "1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "1991462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991462"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "1996830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996830"
},
{
"category": "external",
"summary": "1996833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996833"
},
{
"category": "external",
"summary": "1999689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999689"
},
{
"category": "external",
"summary": "1999952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999952"
},
{
"category": "external",
"summary": "2003532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003532"
},
{
"category": "external",
"summary": "2005801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005801"
},
{
"category": "external",
"summary": "2005919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005919"
},
{
"category": "external",
"summary": "2021313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021313"
},
{
"category": "external",
"summary": "2022424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022424"
},
{
"category": "external",
"summary": "2022693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022693"
},
{
"category": "external",
"summary": "2024107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024107"
},
{
"category": "external",
"summary": "2024545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024545"
},
{
"category": "external",
"summary": "2026007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026007"
},
{
"category": "external",
"summary": "2027666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027666"
},
{
"category": "external",
"summary": "2027826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027826"
},
{
"category": "external",
"summary": "2028559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028559"
},
{
"category": "external",
"summary": "2029413",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029413"
},
{
"category": "external",
"summary": "2030602",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030602"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2030839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030839"
},
{
"category": "external",
"summary": "2031023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031023"
},
{
"category": "external",
"summary": "2031705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031705"
},
{
"category": "external",
"summary": "2032404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032404"
},
{
"category": "external",
"summary": "2032412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032412"
},
{
"category": "external",
"summary": "2032656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032656"
},
{
"category": "external",
"summary": "2032969",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032969"
},
{
"category": "external",
"summary": "2032984",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032984"
},
{
"category": "external",
"summary": "2033251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033251"
},
{
"category": "external",
"summary": "2034003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034003"
},
{
"category": "external",
"summary": "2034805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034805"
},
{
"category": "external",
"summary": "2034904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034904"
},
{
"category": "external",
"summary": "2035774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035774"
},
{
"category": "external",
"summary": "2035995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035995"
},
{
"category": "external",
"summary": "2036018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036018"
},
{
"category": "external",
"summary": "2036211",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036211"
},
{
"category": "external",
"summary": "2037279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037279"
},
{
"category": "external",
"summary": "2037318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037318"
},
{
"category": "external",
"summary": "2037497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037497"
},
{
"category": "external",
"summary": "2038884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038884"
},
{
"category": "external",
"summary": "2039240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039240"
},
{
"category": "external",
"summary": "2040682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040682"
},
{
"category": "external",
"summary": "2041507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041507"
},
{
"category": "external",
"summary": "2042866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042866"
},
{
"category": "external",
"summary": "2043017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043017"
},
{
"category": "external",
"summary": "2043028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043028"
},
{
"category": "external",
"summary": "2043406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043406"
},
{
"category": "external",
"summary": "2043513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043513"
},
{
"category": "external",
"summary": "2044447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044447"
},
{
"category": "external",
"summary": "2044823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044823"
},
{
"category": "external",
"summary": "2045084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045084"
},
{
"category": "external",
"summary": "2046186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046186"
},
{
"category": "external",
"summary": "2046254",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046254"
},
{
"category": "external",
"summary": "2046677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046677"
},
{
"category": "external",
"summary": "2046766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046766"
},
{
"category": "external",
"summary": "2046887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046887"
},
{
"category": "external",
"summary": "2047162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047162"
},
{
"category": "external",
"summary": "2047201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047201"
},
{
"category": "external",
"summary": "2047562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047562"
},
{
"category": "external",
"summary": "2047565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047565"
},
{
"category": "external",
"summary": "2047625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047625"
},
{
"category": "external",
"summary": "2047632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047632"
},
{
"category": "external",
"summary": "2047642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047642"
},
{
"category": "external",
"summary": "2048107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048107"
},
{
"category": "external",
"summary": "2048370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048370"
},
{
"category": "external",
"summary": "2048458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048458"
},
{
"category": "external",
"summary": "2049029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049029"
},
{
"category": "external",
"summary": "2049075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049075"
},
{
"category": "external",
"summary": "2049081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049081"
},
{
"category": "external",
"summary": "2049424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049424"
},
{
"category": "external",
"summary": "2049509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049509"
},
{
"category": "external",
"summary": "2049718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049718"
},
{
"category": "external",
"summary": "2049727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049727"
},
{
"category": "external",
"summary": "2049771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049771"
},
{
"category": "external",
"summary": "2049790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049790"
},
{
"category": "external",
"summary": "2050056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050056"
},
{
"category": "external",
"summary": "2050142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050142"
},
{
"category": "external",
"summary": "2050402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050402"
},
{
"category": "external",
"summary": "2050483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050483"
},
{
"category": "external",
"summary": "2051249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051249"
},
{
"category": "external",
"summary": "2051406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051406"
},
{
"category": "external",
"summary": "2051599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051599"
},
{
"category": "external",
"summary": "2051913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051913"
},
{
"category": "external",
"summary": "2052027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052027"
},
{
"category": "external",
"summary": "2052438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052438"
},
{
"category": "external",
"summary": "2052937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052937"
},
{
"category": "external",
"summary": "2052996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052996"
},
{
"category": "external",
"summary": "2053156",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053156"
},
{
"category": "external",
"summary": "2053517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053517"
},
{
"category": "external",
"summary": "2054147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054147"
},
{
"category": "external",
"summary": "2054755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054755"
},
{
"category": "external",
"summary": "2061251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061251"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1372.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security \u0026 bug fix update",
"tracking": {
"current_release_date": "2024-12-17T21:55:29+00:00",
"generator": {
"date": "2024-12-17T21:55:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:1372",
"initial_release_date": "2022-04-13T18:48:58+00:00",
"revision_history": [
{
"date": "2022-04-13T18:48:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-13T18:48:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:55:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.10 for RHEL 8",
"product": {
"name": "RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product_id": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product_id": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857?arch=amd64\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.10.0-35"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.10.0-12"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.10.0-56"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.10.0-58"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.10.0-14"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.10.0-15"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product_id": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-must-gather-rhel8\u0026tag=v4.10.0-13"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product_id": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product_id": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-lvm-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.10.0-32"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.10.0-27"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product": {
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product_id": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-topolvm-rhel8\u0026tag=v4.10.0-16"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.10.0-221"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.10.0-26"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.10.0-54"
}
}
},
{
"category": "product_version",
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product": {
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product_id": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator\u0026tag=v4.10.0-11"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64"
},
"product_reference": "odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le"
},
"product_reference": "odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64"
},
"product_reference": "odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x"
},
"product_reference": "odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"relates_to_product_reference": "8Base-RHODF-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64 as a component of RHODF 4.10 for RHEL 8",
"product_id": "8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
},
"product_reference": "odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64",
"relates_to_product_reference": "8Base-RHODF-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-34558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1983596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-34558"
},
{
"category": "external",
"summary": "RHBZ#1983596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.15.minor",
"url": "https://golang.org/doc/devel/release#go1.15.minor"
},
{
"category": "external",
"summary": "https://golang.org/doc/devel/release#go1.16.minor",
"url": "https://golang.org/doc/devel/release#go1.16.minor"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-13T18:48:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1372"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:9de4f6848556d362dab3fcc534a6e7098649b353139d1b8d796317b8474125c2_s390x",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:d828aab4db3bb853a9c2be53ef65e968e7dca8faacb480e9c6802093181a8f16_amd64",
"8Base-RHODF-4.10:odf4/cephcsi-rhel8@sha256:f41411e6c6d65e52a3e3bb6cf3582116646e8ebc4ae9bf8eac77a00433855b20_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4338ea20fce25b664e880066144a5de7769623373cbfde1f46666aace4d9b855_amd64",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:4ed1db89bdd6150f28721a3c18bcfa7e221b1b621c12ae8830fd35923dea08ca_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-core-rhel8@sha256:f2a35675f04b3852dadbea99fef57dcc85ab5670929f7b0d52981e227047123c_s390x",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:983c8661518fe3efa01e5d64b389043ac856f013b4ec346d5da252848d8b2252_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:e1ae5ed85e17ad3cdbdc5049f5c3064f2616c5a6f445ec9d38e7f915d494776b_amd64",
"8Base-RHODF-4.10:odf4/mcg-operator-bundle@sha256:eb454980189ece047c2d97046f77ed67877ff0d6a17ea52621f28d9fba702d28_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:4a4bd7a6b537d75aaa982c308eedc805809c2576f5d75498a432991c7e199534_ppc64le",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:ae593d312597211d35a2d89cefdcf879eb1db1eac9bfdc76c756be78b111b5e7_s390x",
"8Base-RHODF-4.10:odf4/mcg-rhel8-operator@sha256:e6162ae89bf73e29c304080e868d47f13c46e389c6f2f6bde856ebeda20306f5_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:09a8a3da7024fbd081caff8cd62c67c898beade0597ff0656d0994daa08b4166_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:3a6619c418c74824b6a69dfce26f2070aae8b7d56b7cea756ab68d5e2c459e07_amd64",
"8Base-RHODF-4.10:odf4/ocs-must-gather-rhel8@sha256:d9332ec67415a78d38ee60b7d15c63475693590160caeb461767683b0dd21751_s390x",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:7cebd714435a398ade4f686d2943786d8485ea5333f5b16365991ae49303f097_ppc64le",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a640d9395a7dad7c5d2306af3ba60a3430358e705b647ebf272e38e27282ad4c_amd64",
"8Base-RHODF-4.10:odf4/ocs-operator-bundle@sha256:a70904f7570095a0721e5fcf7bc4fe1c431112f6ef4437d1b5ed67f8462d7926_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:32a1d52cfc7b91c0186e5423245bd06e525c6890ed77bca7335e56c48e2cd86b_amd64",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:9759e45e271ef502e2ed6f7e12dc2ecb10e39fc0cd22e195f7d47edec39ff0fd_s390x",
"8Base-RHODF-4.10:odf4/ocs-rhel8-operator@sha256:a3b3a3e9a8332d3b5d5137ff89e1843e6506507c2ebb069c9a7bbfcd03dfdd42_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:1d988be397cae4aad67a43534a2875edbee24135ba549549156fb8aa883f22a6_ppc64le",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:54f6bca97f44b76c065bbaed5915a97693ce1ea1a3f3a1cf65c610ff81622f3c_s390x",
"8Base-RHODF-4.10:odf4/odf-console-rhel8@sha256:7c89981748d38fafa31c8a8d624381db9c14c07160de7bc13588a0b0e3673b33_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:84407db398089fe2b60b83f4cbd94fd30581d928d6edf614de5d34cec3f21014_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:c7e57040123bc4ef58444a7b2bbf076588876c56f8903e57a3646db0c4c430ca_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-operator-bundle@sha256:cca6c8289d099a0c6ad92387991089058f344d9fe33c63535898023e182856dc_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:c2a30fc5971995e4c3bf90f7c56733d74a3af9f3e59978d4705a3eee5d0b565a_amd64",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:e7daa827ed079b6f60419beebdf9a5adab484c5617edc6ed51ff4deb8e7ce735_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-rhel8-operator@sha256:fb700cd42c272775cdba1e9aab83572b48d8320d2de595f8b2dc9281b477b7cb_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:57d765f210d5aadc288a5ea5b8229effd18874e10ba7ae6a5fbbe53d745796e5_s390x",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:7da72672ed9f83988c559614794b5368093e28de7ec218a793b103c86be1490b_ppc64le",
"8Base-RHODF-4.10:odf4/odf-csi-addons-sidecar-rhel8@sha256:d7f0286b395ff43611c591c1406a2f37821246a5543d24acfb92ccf622384fba_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:5cdee3d267742de595ad057858f43021938079d345e8f58a6eee892d78634c74_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:7c40a459ec0ef75b13dd63dae970688b4cf625f339f84c4d01600d41920a1510_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-must-gather-rhel8@sha256:f8c68e2a9112fadacfe4f3b9f9f6ceab32a72052b684a3402412a764618e8a9e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:257ca6d222964bd18c4d7b05531623696cda01108b5362a6e97a6c05efe71c8e_amd64",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:e9c083cd238fb4fee2c0ac5baca54d863487084e64288f75d7d94435eb772706_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-operator-bundle@sha256:f7cccdf83a047aa3cf59820c58bbf0d76ed1bf7e986b1a830d8eff2a145c21bc_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:4bd043601f813edae2aef686e907de2c1cb7799b375d60abe22af4c6229e1c20_s390x",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:76c90e7ac58c1fdb8a5d01a229f010ec517ea9d8c906fb4ce0eb0cd73a37a97d_ppc64le",
"8Base-RHODF-4.10:odf4/odf-lvm-rhel8-operator@sha256:afa1f9113288540b9b273b80af6d41792aece2cdace2f9503a4f55e780fb3549_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:75382a495f60b766fa9eda0655ffbb0f71ee4cdae97460b57b6a4aeb5c05f002_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:bba27843af4366260fc01c4c67652bc8e84c038e2bbc69274cb090f6048ef448_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-operator-bundle@sha256:ca24dab680c6cc31c1ff20db6b428cfc312f33ba318c2bb2de11625b72dd6390_s390x",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:19ff08d09066658e51074527f75e194873b3351b6cb0bb47207c21bb537a4eef_ppc64le",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:9ef5cfb21028838a9c30b0e593e1b05a205046b4592452b1c23b8e257fa3ccb8_amd64",
"8Base-RHODF-4.10:odf4/odf-multicluster-rhel8-operator@sha256:a59a966565220ca1aa6eb95803660949cfa6ed32a64b0c0c561ac229f4c7f6ca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:393e2ce8111ba011a91782b4f47175bb069d762bc14a434a37e10c8a76daabca_s390x",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:8597f6adc1865ab64ba0d42caa2793cf8f44b86251fd53e7a30ec00b3f1cbd20_ppc64le",
"8Base-RHODF-4.10:odf4/odf-operator-bundle@sha256:dc4d9a53dea5573e3020ad5d1ea1018705b6be25294c722d29f57bd90564c58c_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:4ea80063a33a0524cffd54d2ee915332cd0bfafe8e448d1c283a9c80f46b8471_ppc64le",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:73fac885482871f744fcf2e5635be1e10d812845ba122d30446641f11d436099_amd64",
"8Base-RHODF-4.10:odf4/odf-rhel8-operator@sha256:c53e6cb927dc1d241f1466f3d11af80fe64a89a48c215e11c65cb04e08cf35fb_s390x",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:2f872d7bfb2f4655edfe0ba42e70a6a69e90c129342cae2f2ba2d80c169d0afa_amd64",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:346a8438e87d63ac4020310d5226839d261bc483cebe6875bb8a82f166b0a782_ppc64le",
"8Base-RHODF-4.10:odf4/odf-topolvm-rhel8@sha256:609c3b047342f5e6a8132891bb3f049e259a32fe650660adb36c84ccdb63ae3c_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:66d0b4370fc757e1c4cf7733308f6e7a75b7eb8887ef022af68f7174335dde6d_ppc64le",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:df61454d23b0c733a0ba643a07a85915914b56fbbc778a5707331bbac41a2afa_s390x",
"8Base-RHODF-4.10:odf4/odr-cluster-operator-bundle@sha256:fd6d7f3775724702389a2dbd57869f6d9963dddaee3f9d5084992f15bcdde638_amd64",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:35c6cf9f55542331bdf59caade4564cfc83adf79dab83298de1838248a6607ce_s390x",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:733973b032ae9d5a436c6d2fa3b68647224b25ca2d93047bd63770109ba28c8e_ppc64le",
"8Base-RHODF-4.10:odf4/odr-hub-operator-bundle@sha256:bfa02459d18d144adddebcc6ee8f612071065fc0fd5305bdaa2ed4338cbd9382_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:5d683d91aa19544c27311f53c1d7462d138fabe19af490e4e1052220eb34cdb7_amd64",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:8785852f2b30b04ac8696078f6fd8bcefa6e9e5ddc9c37e199b3679f295332fc_s390x",
"8Base-RHODF-4.10:odf4/odr-rhel8-operator@sha256:d96c94c9f9cbb00b882b435c7f30b50ea8f1186ad14c65903a24e840b8ec3a29_ppc64le",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:4d863979f67280825c7a10cbcebc495972e3d0ac58f10f63987706d6f8c8f60f_s390x",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:8fabff5be7802f8de5f1026893ae4f7bafb66a1e1f70df16c667e537ee0bedcd_amd64",
"8Base-RHODF-4.10:odf4/rook-ceph-rhel8-operator@sha256:afb3f630b3215e327122688dc9edf0b651fda692c29a2b861df7357492f54702_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:3808e1084febf2ee4d32e2ae6334c4feb17c1ac57df3c30d514227514cbd4a2c_ppc64le",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:60133217c4f4d5cc1e778e92f7de31a527ff43846aaebe5db6dd5d9978d7c2fb_s390x",
"8Base-RHODF-4.10:odf4/volume-replication-rhel8-operator@sha256:ad89936da3510643ac92087fedfc71965cb4b1e2e1845162f6e04eeb02b5f857_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…